Your shout! On leadership in project management

In response to Tim Westbrock's article on the need to appoint an enterprise architecture champion (Computer Weekly, 9 November)

Have your say at

On leadership in project management

In response to Tim Westbrock's article on the need to appoint an enterprise architecture champion (Computer Weekly, 9 November)

The crucial role of a leader in delivering IT project success rings true across almost any technology implementation or project.

Leadership can play a make or break factor in IT project success. As the article suggested, a crucial leadership function is to ensure that everyone is engaged in the IT programme with a clear focus on short-, medium- and long-term goals. These must be constantly communicated throughout the programme or project to ensure this focus on results is maintained.

A focus on delivery, rather than activity, is paramount and part of the leader's role is to gain buy-in from everyone involved in the project - from internal teams to third-party suppliers - rather than just taking a top-down management approach to IT.

The champion of IT champions may still fail to lead a company to IT success if the rest of the company is not made to feel a true part of the project.

Ed Haysler, solutions director, ITNet

Day zero attacks need to be stopped at source

In response to Paul King's view that desktop anti-virus products used in isolation have had their day (Computer Weekly, 16 November)

Malicious code has advanced at a rapid rate, but reactive, signature-based anti-virus software relies on the same model as it did 20 years ago. Recent research has shown that the average window of vulnerability or signature delay time is 10 hours.

I agree that companies need to re-assess how to combat these attacks, and King's suggestion that a multi-layered approach to security "beginning at the network and finishing at the desktop" has some merit.

However, there is a more effective way of countering day zero security attacks.

The answer lies where the problem originates - at the internet level. Protection should be deployed here, before the malicious code gets anywhere near the network. Using internet level protection allows companies to take advantage of proactive services deployed on a global scale.

Organisations need to ensure that the products they rely on to protect critical assets are as developed as the threat itself. First generation, software-based products have failed to achieve this, and are no longer adequate in their own right.

Alex Shipp, senior anti-virus technologist, MessageLabs

Deadlines will hit SMEs supplying government

In response to the news item on e-government deadlines (Computer Weekly, 16 November)

It is not just councils who need to ensure they are compliant by January 2005, but the 800,000 businesses which supply goods and services to the government must also ensure they can trade electronically with local authorities from next year.

Of the total number of businesses selling goods to the government a large percentage do not have an online presence and are therefore not able to transact or apply for tenders electronically.

A large percentage of these organisations are SMEs and there are a number of reasons why they have not yet made the step to trading electronically. These include the perceived cost associated with having an online presence, a lack of education among the SME community, and a lack of suppliers able to provide the right package.

Meeting the deadline does not need to involve a huge change in the way businesses are run but a change in mindset about the use of technology.

Small businesses need to think beyond using technology just to manage the contact database but to interact with customers to improve not only the speed of communication but also the quality of service.

Alan Moody, UK managing director, Mamut



Why the stakes are so high with ID cards

David Blunkett's recent comparison of ID cards with loyalty cards is completely off track. He is wrong to compare the two when the underlying premise of loyalty cards is the choice to opt-in for tangible benefits in return.

An SAS survey into customer loyalty cards earlier this year identified that 56% of people believe that the loyalty card information held is non-intrusive - this is in complete contrast to the ID card which is being likened to Big Brother on a grand scale.

As always, the devil is in the detail. It is not collecting and holding high level data that is the issue - it is the potential ramifications on civil liberties if details about what people do and where they go are stored.

People are concerned that, in the extreme, ID cards could be used to monitor and highlight their personal behaviour.

However from a practical perspective, it is normal for organisations to look at millions of loyalty card transactions in one go to identify patterns of behaviour, clustering groups of people with similar characteristics - but not looking at specific individuals.

The bottom line is that if data is held at a highly detailed level on all individuals, it would be possible to drill down to what an individual has been doing. Given the potential for such information, the requirements of the ID card programme have to be as near 100% perfect as possible.

Incorrect ID card data may lead to an individual being flagged as a potential terrorist. With loyalty cards the worst thing that could happen is that you might get someone else's reward points.

Jason Goodwin, SAS UK


Multiple systems make best route for the NHS

It is becoming increasingly obvious that the new Cultural Revolutionary NHS will not be an overall success, as indicated by the possible GPs' boycott of the appointments system (Computer Weekly, 23 November). Some parts of it will be but most will not.

I stick to my view (Computer Weekly, 13 January) that the regional IT structure should be left to the local authorities and only the common links should be on a national scale.

A standard XML procedure and broadband system would give all those concerned the interaction they would require. Local systems do not have to be the same, they only have to look the same. An XML request would appear similar whatever its source. Regional centres could choose their own system and organically the best would gravitate to the top.

It would be in everybody's interest to move towards this system when it proved itself and expenditure would be spread over a larger time scale.

Some would argue that multiple systems are hard to support and not cost effective, but this does not allow for the fact that many authorities and suppliers have vast knowledge already and this is being ditched. The one-for-all approach means that a failure will affect everybody and the experiment will not be repeated.

New system design is basically simple. Find out what is really required. Is it possible? Can the present system cope with it and if not, can it be changed? Most of all why do you want to change it in the first place?

The advantages should always outweigh the disadvantages but this balance can be in the eye of the beholder. The greatest of all design attributes is common sense, this is usually the first attribute that goes out of the window.

Maldwyn Palmer


How responsibility is shared for NHS IT

I read with interest the article "Programme gets a new joint head" (Computer Weekly, 16 November) and would like to clarify one point.

As your story states, Alan Burns has been appointed to a new role leading the service implementation of the National Programme for IT into the NHS. But I would like to emphasise that Richard Granger is the senior responsible owner for the National Programme.

A formal announcement on Burns' appointment will be made in due course, which will include more details about his plans.

James Herbert, National Programme for IT


To keep or not to keep... that is the question

Maxine Holt's article warning about how e-mails may be used in evidence (Computer Weekly, 16 November) highlights a growing dilemma facing businesses today - to keep or not to keep.

With an estimated 50% of the largest global companies having no e-mail retention and deletion policy in place, it is an issue which needs to be addressed to ensure compliance with a raft of new legislation while not clogging up servers with useless information.

The article offered three approaches to e-mail archiving to ensure compliance with new regulatory pressures but did not stress the importance of having a sophisticated records management system in place which will help to store e-mails based on defined retention rules, rather than just archiving everything.

When it comes to a data retention policy it can be as much of a risk to the business to keep as not to keep, and it is often unnecessary to keep everything. The best approach is for the IT manager to work with other organisational staff such as the records manager to set up policies which dictate what should be kept, deleted or stored off-site and when it should be destroyed.

This will ensure that servers are not full of useless information, help prepare the business for the inevitable exponential increase in data volumes in the future and ensure the business is safe from litigation.

Liz Maloney, Hummingbird UK

Read more on IT project management