Some thoughts on QA

Posted April 2nd, 2007 by

“QA !== Security”

I wrote that back in December on a yellow post-it and gave it to one of my contacts during some Security Test and Evaluation (ST&E) activities that were stepped on by a bazillion QA people.  He cared enough about the message to put it up in his cubicle when he moved, and it’s been warming the cockles of my heart ever since.

So why is it that today I’m writing policy and appointment letters for the Technical Review Board (TRB), Engineering Review Board (ERB) and Change Control Board (CCB)?

I’m not even remotely an Information Technology Infrastructure Library (ITIL) geek, but I do realize one thing:  I cannot keep denying changes at the CCB because it’s hurting the business side of my organization.  CCB is too late, it’s where people ask for the final approval and deconflicting of maintenance windows.

My chances at success for IT strategy depend on me getting involved in the planning stages of changes.  That means initiating the TRB, ERB, and CCB for the simple reason that I can straphang on their efforts.  In other words, I can head off security problems at the pass.

Moral of this story is that it pays to have friends in ITIL/CMMI/QA/$foo.



Similar Posts:

Posted in What Works | No Comments »

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.


Visitor Geolocationing Widget: