Tuesday, February 03, 2004

General Requirements for a Compliance Machine

Richard asks: "What are the general requirements for such a compliance machine? Can we articulate a small list of high-level design principles?"

I haven't read anything about this, but I do know how to build one :-)

This is my take on the requirements:

1) The machine must be very easy to install at a customer site.

2) It should require no management on the part of the customer's staff, except to provide it with power and a network connection.

3) It should be non-intrusive, so that the ICT systems at the customer do not even know it is there.

4) The supplier of the machine should be able to manage and support the machine remotely, but securely.

5) All means of access to the machine should be contractually agreed, and the contracts should be enforced by digital certification.

6) The configuration of the machine (what it is monitoring, what the rules for alerting higher authority should be, and so on) should be very easy to set up, but only authorised staff should be able to do so.

In addition to all of this, our machine enables an authorised person to set up task-focussed UIs to create the working frameworks we have been discussing. The task-focussed UIs can operate using the data in existing database systems, as well as being able to store data in their own databases. There is a built-in workflow engine, too.

My attitude to this matter is that we would rather build a machine and demonstrate it than spend a lot of time debating what it ought to be like. We have already got it all worked out, and are busily building sample machines and the networking infrastructure to go with them, at the moment.

This is why I am up to my ears in Cisco routers and servers at the moment :-)