Risk analysis and business use cases.
I've been on a project for about 8 months now, objective, retire an hierarchical storage system that is EOL/EOSL at both hardware and software layers, and the vendor has advised that there will no longer be support for the implementation. Data stored? Financial accounting records for the core business, and *cough* billing data that the government can require as part of customer tax records.
Right off the top management believed that they could throw away 12 years of this data as "They can't possibly need this". It took me three or four weeks to get the two managers making this claim to go back to legal and get a comprehensive response about that data. Initially *legal* stated that they only needed 5 years. I had a quiet discussion with legal pointing at a series of tax regulation changes in the last three years that affected financial statements retroactively for 10 years. Legal went and reviewed things and finally came back with a sane answer.
Currently there is data on disk and on tape, and there are three copies of tape data, one permanently offsite.
Initial estimates of cost - well -- there was only one implementation, in one site. Missed on current vs projected storage volumes.
We re-wrote the proposal that the management put together to include 2 years of growth, a georemote copy and the bandwidth to support data replication and the price of course went up - the management team lost it and denied the request.
I got a copy of the proposal done to the financial committee - NO WHERE did it mention the risk to the business if said data was not available. I've since re-written it with corrected risk analysis including the point that if the historical corporate financial data is unavailable, there is no substantiation of the corporate stock values, and if the historical billing data is missing the company is liable to the fed's for up to $500k *per day* of fines. Changed the financial committee's perspective. Sadly however, they still don't want to spend enough on the solution ..... I've explained why "good enough" isn't a final solution. Its all I can do.
Biting the hand that feeds IT
