HSE report claims systems disasters can be avoided


Post on 26-Jun-2016


January 1995 Computer Audit Update

Standards need to be shared and harmonized, and new audit approaches and services developed. The examples discussed in this paper are some outline ideas of what may be possible, and I hope will stimulate some debate and more detailed solutions.

To make these changes happen we need to be more open with our ideas, share common standards, and work with our auditees to meet the common goals. As a result we will gain a more positive image and make a more positive contribution.

Gary Hardy is Director of Consultancy Services for Zergo Ltd. This paper was first presented at COMPSEC ’94.

NEWS

HSE report claims systems disasters can be avoided

The Health and Safety Executive is to publish a new booklet, Out of Control, in February this year which calls for improved standards of writing and testing systems to avoid computer-related accidents, reports Computer Weekly. The HSE publication will reveal that flaws in computerized systems have contributed to serious accidents, some of which have seriously jeopardized public health. It highlights that software written for safety-related systems can be dangerously flawed despite the claims by suppliers to the contrary.

The booklet illustrates this point with several examples including how computer failure has led to the release and spillage of toxic chemicals and potential risk of harm to operators of computerized systems. The HSE was particularly alarmed by the fact that 60% of faults were found to be built into systems before they were delivered to end users. Of all the faults nearly half of them were found to have occurred at the specification stage, nearly 15% during design and implementation and almost 6% on installation and commissioning. Once the systems were running, 15% of faults were found during operation and maintenance and 21% resulted from changes after commissioning. It claims that more attention paid to the specification, writing, testing and implementation of computerized systems can avoid potentially dangerous defects.

©1995 Elsevier Science Ltd

--

ICL suffers further blow

Another local authority is set to sue ICL for supplying faulty poll- and council tax software, reports Computer Weekly. Castle Point Council in Basildon, UK will be the fourth council threatening to take ICL to court in the space of a year.

Recently, a High Court judge ruled that ICL was wrong in trying to impose limited liability clauses in its contracts which aim to reduce any damages to the cost of just the equipment or services provided. This led to ICL having to compensate St Albans District Council with £1.3 million due to ICL’s faulty Comcis poll tax package, which in turn spurred on two other councils in pursuing similar claims over unsatisfactory Council Tax software.

Now, Castle Point Council has similarly scrapped its ICL system and is now threatening to take the company to court. A spokesman for the council said “We’re still hopeful that we can reach an amicable agreement with ICL, but we’re not ruling out the possibility of legal action.”

-

Computer Security Institute announces new newsletter

The Computer Security Institute has announced the release of a new quarterly newsletter containing stories and tips written in nontechnical language to enhance the security awareness of an organization’s staff. The newsletter, entitled Frontline: Tips and Techniques to Protect Your Information Systems, addresses the threats and vulnerabilities to information in computers and practical ways to combat them. It covers topics including computer viruses, disaster recovery, backing up and software piracy.

For more information call the CSI, CA, USA on 0101 4159052626.
