Information Technology Reference
In-Depth Information
dispute resolution. It may be jointly understood that any system updates will
be purchased and installed by the technical staff. An update is announced
which the research team thinks it's necessary to install, as it is supposed to
enhance a certain kind of functionality related to the research effort. The
system staff, however, feel the update is unwarranted and have chosen not
to make the purchase. How does this dispute get resolved? Who has final
authority? While a good SLA limits the likelihood of any major conflict, it is
advisable to think through how conflict will be handled before an occasion
presents itself. Clarity regarding conflict resolution can mitigate loss of active
research time while resolving a dispute.
Routine maintenance and obligations should be spelled out clearly. Who
runs regular back-ups? Do system back-ups cover data back-ups or does the
research team need to routinely run their own data back-ups? When system
patchesandupdatesneedtobeinstalled,whoisresponsible?Doestheresearch
team install application patches and the system staff install operating system
updates?Doestheresearchteamhaveadministrativeaccesstotheserver?The
point is that all duties and responsibilities need to be clearly identified and
assigned in the SLA to limit confusion when potential issues arise.
Today people are highly sensitized to issues of privacy and security. Thus, a
service level agreement needs to include system security. This information is
likely to be necessary for funders and any institutional or professional review
boards that evaluate research proposals. Issues related to other operations on
thesameserver,institutionalfirewalls,andsoforth,shouldallbeincludedand
considered. For example, depending on how an institutional firewall is config-
ured, some research operations may be running outside of its confines. It may
have been easier for the developer to jump the firewall while configuring an
application than to go through the process of seeking permission to run a
research project. While the intention was to get a project expeditiously on
track, this could be a problem in the long term. Essentially, it could mean that
while the front door is bolted shut, the back door has been left wide open. A
savviedhackerwouldbeabletofindandexploitthissecuritylapse.Assuch,an
SLA should list any and all issues related to security, what steps have been
taken to ensure security, and how any security breach will be handled. You
should include what you, the researcher, will do as well as what you expect of
anyone serving as your technical support. Although the handling of a security
breachmayseemminor,ifaninstitution'spolicyistoshutdownanythingand
everythingfirst,andthentakeitstimeresolvingaproblem,thissituationcould
leave your research project offline for many days. This can be considerably
frustratingiftheresearcherhaslimitedknowledgeoftheproblemandconsiders
the problem a minor issue. Therefore, it is advisable to have clarity regarding
security issues prior to embarking on a study.
Inadditiontotraditionalissuesofsecurity,thereisaneedtobeclearonintel-
lectual property rights and any confidential information related to a research
project.SLAsshouldclearlyindicatewhetherornotanyinformationaccessible
totechnicalstaffisconfidential.Inaddition,anythingthatwouldbeconsidered
Search WWH ::




Custom Search