Page 5 - Estimating_Software
Estimating Software – Security
business logic systems such as enterprise resource planning (ERP), accounting and project management applications.
Processed data also needs to be trustworthy and accountable: audit and assurance mechanisms should be in place so that a user can compare and reconcile processed data with the expected result. Data validation mechanisms also help improve the integrity of estimating data by checking input accuracy through verification checks.
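The two mechanisms described above, as an added example that is not part of the original document: input validation for estimating line items (type, sign and a reconciliation check that the stored line total equals quantity times unit rate) and a hash-chained audit trail a user can verify against the expected result. The record layout, the reconciliation rule and the sample records are assumptions constructed for the example.

```python
# Added example (not from the original document): input validation and a
# tamper-evident audit trail for estimating line items.
# Assumptions not stated on the page: each line item carries a description,
# a quantity, a unit rate and a stored line total, and the line total must
# reconcile to quantity * unit_rate. All records below are constructed.
import copy
import hashlib
import json
from decimal import Decimal, InvalidOperation

# Constructed sample records: two clean, one with bad input, one that does not reconcile.
SAMPLE_RECORDS = [
    {"item_id": "E-001", "description": "Excavation", "quantity": "120", "unit_rate": "45.50", "line_total": "5460.00"},
    {"item_id": "E-002", "description": "Concrete", "quantity": "80", "unit_rate": "210", "line_total": "16800"},
    {"item_id": "E-003", "description": "", "quantity": "10", "unit_rate": "abc", "line_total": "100"},
    {"item_id": "E-004", "description": "Steel", "quantity": "5", "unit_rate": "900", "line_total": "4000"},
]

GENESIS = "0" * 64  # previous-hash value for the first audit entry


def _as_decimal(value):
    """Parse a field with Decimal (exact arithmetic; floats would misreport cents)."""
    return Decimal(str(value))


def validate_line_item(raw):
    """Return a list of validation errors for one record; an empty list means it is clean."""
    errors = []
    if not str(raw.get("description", "")).strip():
        errors.append("description: empty")
    for field in ("quantity", "unit_rate", "line_total"):
        try:
            value = _as_decimal(raw.get(field, ""))
        except InvalidOperation:
            errors.append(f"{field}: not a number")
            continue
        if value < 0:
            errors.append(f"{field}: negative value")
    if errors:
        return errors
    # Verification check: the stored total must reconcile to the expected result.
    expected = _as_decimal(raw["quantity"]) * _as_decimal(raw["unit_rate"])
    if expected != _as_decimal(raw["line_total"]):
        errors.append(f"line_total: {raw['line_total']} does not reconcile to quantity * unit_rate = {expected}")
    return errors


def validate_all(records):
    """Map item_id -> errors for every record that fails validation."""
    failures = {}
    for rec in records:
        errs = validate_line_item(rec)
        if errs:
            failures[rec["item_id"]] = errs
    return failures


def _entry_hash(prev_hash, record):
    # Canonical JSON so that key order cannot change the digest.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def build_audit_trail(records):
    """Chain every record to its predecessor so a later edit breaks the chain."""
    trail, prev = [], GENESIS
    for rec in records:
        digest = _entry_hash(prev, rec)
        trail.append({"prev": prev, "record": rec, "hash": digest})
        prev = digest
    return trail


def verify_audit_trail(trail):
    """True only if every entry links to its predecessor and its digest still matches."""
    prev = GENESIS
    for entry in trail:
        if entry["prev"] != prev or _entry_hash(prev, entry["record"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def tampering_detected(trail, index, field, new_value):
    """Edit one field in a copy of the trail and report whether verification catches it."""
    altered = copy.deepcopy(trail)
    altered[index]["record"][field] = new_value
    return not verify_audit_trail(altered)


if __name__ == "__main__":
    for item_id, errs in validate_all(SAMPLE_RECORDS).items():
        print(item_id, errs)
    trail = build_audit_trail(SAMPLE_RECORDS)
    print("audit trail intact:", verify_audit_trail(trail))
    print("edit caught:", tampering_detected(trail, 1, "line_total", "16000"))
```

Decimal rather than float is deliberate: monetary reconciliation must be exact, and a float comparison would flag or miss differences in the last cent. The hash chain only makes silent edits detectable; it is not a substitute for access control on the estimating database.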
Care must be taken during software maintenance to ensure that application integrity is upheld. Strong quality assurance mechanisms, together with a business continuity and disaster recovery plan, can greatly assist in this process.
Business Continuity and Disaster Recovery Planning
Disaster recovery and business continuity refer to an organisation's ability to recover and resume operations in the event of a disaster and/or unexpected incident. A common requirement for a disaster recovery plan is to perform an audit of the disaster recovery capacity of an organisation. In some situations, there may also be a legal or regulatory requirement to have a disaster recovery plan implemented.
Businesses that have a disaster recovery plan implemented will already have identified and prioritised critical business functions and measured risk and potential exposure. As your estimating practice sits at the core of everything you do, it sets the foundation for security across the rest of your business and needs to be incorporated into your backup and recovery strategy.
Information Security Governance and Risk Management
Business risks can be categorised as strategic, compliance, operational or reputational.
• Strategic risk arises when the implementation of a business plan does not go as intended. To counteract strategic risks, measures need to be put in place to constantly solicit feedback so that unexpected changes are detected at an early stage.
• Compliance risk arises in industries and sectors that are highly regulated, or that are subject to industry-specific regulation.
• Operational risks result both from internal failures and from unforeseen external events, such as a supplier failing to deliver products or services the business relies on.
• Reputational risk arises any time a company's reputation is damaged, because the company then runs the risk of losing customers.
Managing risk also includes using tools for risk assessment and analysis. For example, three-point estimating techniques may give a company a much clearer and more accurate picture of the potential price variation for capital projects and/or programmes.
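To show what "potential price variation" looks like in practice, here is an added example (not from the original document) that carries a three-point estimate through for a small set of capital-project work packages. It assumes the usual PERT weighting, expected value (O + 4M + P) / 6 and standard deviation (P - O) / 6, which the page does not state, and the work packages and figures are constructed.

```python
# Added example (not from the original document): three-point (PERT) estimating
# for a set of capital-project work packages. The beta-weighted formula
# E = (O + 4M + P) / 6 and sigma = (P - O) / 6 is the usual PERT form; the page
# does not state which weighting it has in mind, so this is an assumption.
# The work packages and figures below are constructed.
import math

# Constructed sample: (name, optimistic, most likely, pessimistic) in thousands.
WORK_PACKAGES = [
    ("Site works", 100, 120, 180),
    ("Structure", 400, 450, 600),
    ("Fit-out", 200, 260, 400),
]


def three_point(optimistic, most_likely, pessimistic):
    """PERT expected value and standard deviation for one work package."""
    if not optimistic <= most_likely <= pessimistic:
        raise ValueError("estimates must satisfy optimistic <= most likely <= pessimistic")
    expected = (optimistic + 4 * most_likely + pessimistic) / 6
    std_dev = (pessimistic - optimistic) / 6
    return expected, std_dev


def project_estimate(packages):
    """Aggregate packages: expected values add, variances add, then take the square root."""
    expected_total = 0.0
    variance_total = 0.0
    per_package = []
    for name, o, m, p in packages:
        e, s = three_point(o, m, p)
        per_package.append((name, e, s))
        expected_total += e
        variance_total += s * s
    std_dev = math.sqrt(variance_total)
    return {
        "packages": per_package,
        "expected": expected_total,
        "std_dev": std_dev,
        # Roughly 68% / 95% bands if the package errors are independent.
        "range_1sigma": (expected_total - std_dev, expected_total + std_dev),
        "range_2sigma": (expected_total - 2 * std_dev, expected_total + 2 * std_dev),
    }


if __name__ == "__main__":
    result = project_estimate(WORK_PACKAGES)
    for name, e, s in result["packages"]:
        print(f"{name:<12} expected {e:8.1f}  sigma {s:6.1f}")
    lo, hi = result["range_2sigma"]
    print(f"project expected {result['expected']:.1f}, 95% band {lo:.1f} to {hi:.1f}")
```

The single-point "most likely" figures above sum to 830, while the expected value is about 867 with a two-sigma band of roughly 769 to 965; that spread is the variation the text refers to, and it is what a risk register should carry rather than the bare point estimate.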
Regulations, Investigations and Compliance
Regulatory compliance requires that organisations adhere to laws, regulations, guidelines and specifications. This impacts how your business operates internally, as well as how it interacts with external entities. Violation of regulatory compliance may result in legal penalties.
One of the primary issues with regulatory compliance is information security and the potential for data leaks. How your estimating data is entered, managed and reported impacts regulatory