This week’s focus on governance could not ring truer to real world scenarios as what was experience in China this past week. When the assessment team walked into the office on Monday it became quite clear that there was a major incident as the key stakeholders of the assessment were either in meetings or had their staff assisting on the manufacturing floors. We had been made aware that there was another virus outbreak. Of course, the first response was, we had just gone through this, how are there new infections. It turns out that some of the staff that images systems are not following the standard process to image machines, and therefore are putting a non-approved image back onto the shop floor systems. In addition to that, it was discovered that there have been non-standard systems ordered which leverage a thin client and embedded version of Windows. Since this configuration is not on the baseline there was never a patching method developed for these systems.
Another incident occurred where a customer network was infected. Though it was directly impacting our infrastructure, the customer’s manufacturing lines were down and could not produce product. This caused out IT staff to stand in and assist. What was not clear was that instead of our staff working on correcting our problems first, they worked through the customer’s issue first and used all of the IT resources to do it.
These two incidents are perfect examples on why governance is so important and how effective governance can be to the enterprise and its resources. Had the team been following the proper standards, we would have never been infected again, nor would we have wasted the time of the team and they could have been focused on other issues. With regards to the customer, we want to assist the customer whenever possible, however to provide 60 hours of free IT services is not something that should be taken lightly. We should have an agreement in place that addresses these types of issues, so that all parties are aware of their roles and responsibilities.