4.4 Select Operational Areas to Participate in OCTAVE
One of the key OCTAVE principles is focus on the critical few. This principle implies that you can focus the evaluation on selected areas of the organization rather than performing an exhaustive search of the entire organization. Setting a manageable scope for the evaluation reduces its size, making it easier to schedule and perform the activities. It also allows you to prioritize the areas of an organization for the evaluation, ensuring that the highest-risk or most important areas can be examined first or more frequently.
Setting the Scope of the Evaluation
The analysis team works with the organization's senior managers to select which operational areas to examine during the OCTAVE Method. You can use the following guidelines when choosing operational areas for the evaluation:
At least four operational areas are generally recommended, one of which must be the information technology or information management department.
If the information technology or information management department is dispersed, or managed as separate support groups, select a cross-section of those groups.
Select operational areas that reflect the primary operational or business functions as well as the important support functions of the organization.
Consider areas that are in remote locations or are different in terms of the type of work or support that they need.
Consider the time commitment that personnel will be required to contribute. Determine whether there will be significant conflicts with ongoing operations.
Consider areas that require electronic information to accomplish their functions.
Remember that these are only guidelines. The senior managers and analysis team members need to use their best judgment as to which areas to select to participate in the evaluation.
Key Questions for Selecting Operational Areas
In addition to taking into account the guidelines suggested above, answer the following questions as you select operational areas:
What areas of your organization are critical to achieving the mission of your organization?
What additional areas are critical? Have you considered your entire organization, including support functions?
Which areas would you (senior managers) like to participate in the risk assessment?
At this point your organization has selected the analysis team and operational areas that will participate in the evaluation. In the next activity you select participants from each operational area to participate in processes 1 to 3 of the OCTAVE Method.
|