processes. Failing to follow such processes ultimately leads to systems
availability problems. The Gartner Group, a leading provider of IT industry
research and analysis, reported that 80 percent of unplanned systems
downtime is caused by people and process issues, including poor change
management practices. Enterprises which have established strong change
management practices typically have the highest levels of systems
Additionally, according to regulations, agencies are responsible for ensuring
effective and efficient operation of IT equipment before it is implemented.
This entails proving that new systems function in a production like test
environment to ensure that the IT applications work properly and contain
needed safeguards. However, in addition to its rushed systems acquisition
approach, the EP&R CIO does not have a test environment to match the real
systems environment, and does not always adequately test systems prior to
For example, the online NEMIS registration capability did not have a name
check function to ensure the validity and existence of the individuals filing
claims. Also, the online system did not have controls to prevent one
individual from generating multiple claims at the same time, even though the
technology to prevent this from occurring already exists. One FEMA official
was aware of six false claims made online. Proper testing of the online
system likely would have disclosed this lack of system controls, leaving
FEMA less susceptible to such fraud. FEMA officials said that they are in the
process of acquiring the identity proofing, authentication, and prevention
capabilities needed to mitigate these risks.
Further, a FEMA testing team lacked adequate requirements to support testing
of a new fire grants system. When it updated the production environment
with the new system code, the system automatically sent multiple print jobs
across the network, clogging up the system, and taking bandwidth away from
emergency personnel who needed it.
NSM: Often the Weakest Link in Business Availability
, Gartner, Inc., July 3, 2001.
Emergency Preparedness and Response Could Better Integrate Information Technology
with Incident Response and Recovery