IT Employment

General discussion


Privacy of Historical Data

By AmjadM ·
Our ERP Implementation Consultant is insisting on a point which is in our opinion against the privacy of the companies real time historical data. The management is not willing to permit him or any consultant to view our historical data (such as , item master, price lists, costing details etc). The management is prepared to generate test data in as much qty as may be required by the consultant. But the consultant insists that he must have superuser accesses for all three environments i.e. (Dev, QA & Production) until the very day of Go-Live . Is he justified in asking for that?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Non-disclosure agreement?

by CharlieSpencer In reply to Privacy of Historical Dat ...

I assume you had him sign one. What's management's concern, that he's going to sell the historical info to your competitors?

Collapse -

no, as long as you can provide suitable data to mimic the

by Deadly Ernest In reply to Privacy of Historical Dat ...

normal operations and are prepared to sign off on acceptance testing with falsified data, he is way out of line asking for anything else. If you insist he's responsible for perfect operation in the real life environment, then there could be some area of concern for him to access to check things, but not until it goes live. Even then you could get by by having someone else with the relevant access codes working hand in glove as required.

Collapse -

A different view is

by AmjadM In reply to no, as long as you can pr ...

One of my friends has responded to your comments as follows:

You lost me when you said ?provide suitable data?. You got me right back when you qualified with ?prepared to sign off on acceptance testing with falsified data?.
These days, smart executives do not sign off on anything less than ?100% guaranteed?. Because they recognize loopholes and are not about to put their neck in one. I know I would not be able to provide that guarantee unless I tested on a copy of live data. The deliverable?s reliability would have to be qualified - and that?s a Catch 22. Both camps have reasonable positions. There will have to be some sensible negotiation.

Do you agree?

Collapse -

I don't think

by santeewelding In reply to A different view is

Any are interested in your "friend".

You stand or fall here on your own.

Collapse -

I haven't tested or certified new software for over a decade

by Deadly Ernest In reply to A different view is

but the last time I did it we had a bunch of false data for use by the development team. Once we were happy with that, we took a copy of the program and ran it on our own, using the last backup copy of the real data - none of the development team were allowed to see the data we used. The final test was to set it up on a server in parallel with a production server and run it in real time with the same data being fed to both - again, the development team weren't allowed to view the data or the output. In both these last two tests all data was purged from the test systems immediately we were finished with the tests. We did find a couple of things that needed correction in the final test and changes were made and a retest done. At no time did the development people ever lay eyes on real data.

By suitable data, I meant it had data of the correct types and sizes in the layouts and style in which the production side uses data - for example a database that's supposed to have name address etc has fake names and addresses, but they are laid out like real ones, as per the Data Dictionary said for that database - and do the same for the rest of the test data.

To sign off on the acceptance, the company execs will probably want to see it run with live data, but that doesn't mean the developer has any need or right to watch that test or see the data used. If the execs come back and accept, the developer walks away happy, if they say it doesn't work, yet it works with the fake test data, then it's up to the company to identify why the two data sets are different and provide that information to have the problem fixed. Often, an issue at this point is not a data difference, but the data input is NOT exactly as it was specified in the project proposal at the start because someone missed out on a minor data input method.

Collapse -

Word of Thanks

by AmjadM In reply to I haven't tested or certi ...

I appreciate your detailed answer. Your answer has solid guidelines for me.

Thank you very much.

Collapse -

You're welcome, much of that is the usual training given in

by Deadly Ernest In reply to Word of Thanks

software testing and evaluation courses - I'd have thought you'd have done one before being involved with such a matter. I strongly recommend you get hold of a couple of software testing and evaluation training course manuals and read them before the consultant gets too deep into the job; just so you know what they're doing.

Collapse -

At some point, you must test with real data.

by CharlieSpencer In reply to I haven't tested or certi ...

Don't sign off completion based on false or dummy data. Regardless of how much you think it replicates real data, there are always going to be some strange but correct records that will cause problems. Whether you give the consultants a recent backup or test using recent data yourself, you must test with real data.

I also agree with Ernest about running the new system in parallel with the old one. In addition to testing the new application, it will give some of your users the chance to test and learn how to use the application with test data. Their mistakes will not affect the production data still in use on the outgoing system.

Related Discussions

Related Forums