Organization Context Analysis Questionnaire

From OIAr Archive 2013
Jump to navigation Jump to search

This questionnaire is part of the OIAm methodology and was used to create the ArchiSurance profile. But of course it can be a convenient tool do describe your organization or your clients organization as well!

Questionnaire - Organization Context Analysis

You can use this Questionnaire to create a back-ground picture of the organization/division that you define infrastructure architectural artefacts for. You are free to select those questions of the list that suit your target. The ArchiSurance description in this demo wiki is based on this questionnaire.

Organization – Global Profile

  1. What is the organization’s field of work.
  2. What is the market position of the organization.
  3. What services and/or products are delivered by the organisation and how are they delivered.
  4. How many orderers/customers does the organization have.
  5. Does cooperation with other organization take place and if so which (kind).
  6. How many employees does the organization have.
  7. Which divisions or businessunits does the organization have and what is their size measured by personnel numbers (both own and hired workers).
  8. How many offices/sites does the organization have of what kind they are.
  9. What are the personnel numbers per office/site.
  10. What is the geographical distance between offices/sites.

Organization - Targets

  1. What is the mission of the organization.
  2. What are the most important challenges of the organization (e.g. achieving more efficiency, better customer intimacy, etcetera)
  3. The upcoming three years, which tree targets are the most important.

Organization - Processes

  1. What are the core processes of the organization and what are the service windows of these processes.
  2. What are the most important support processes (e.g. HRM, business administration, logistics) and what are the service windows.
  3. Which processes will be revised the upcoming three years.

Organization – IT-policy

  1. How is the IT-departement positioned within the organization and how/to what extend is it involved in decision making processes.
  2. Does the organization have an Information Security policy and how is it being used/maintained.
  3. Does the organization keep and maintain Information Lifecycle Management processes.
  4. Does the organization keep and maintain Continuity Planning.
  5. Does the organization support and enable SoHo/Telecottage workplaces.

Application Landscape – Application (cluster) NB: There is no need to describe all applications, just most important applications should be surveyed.

  1. What is the name of the application or cluster of applications.
  2. Which business processes are supported by the application, what is its target.
  3. Which divisions or business units use this application.
  4. Is a security classification applied to this application (cluster) and the data that is processed by it (for example a CIA-rating: Confidentiality, Integrity, Availability).
  5. What time of unavailability is sustainable for (business) users.
  6. Which ‘Mean Time Between Failure’ is acceptabel voor de applicatie.
  7. What is the (estimated) amount of stored data that is related to this application. Does this amount increase and if so, at what rate.
  8. What is the (estimated) amount of data that is being processed by the application (per hour/day/week/month).
  9. Does the application exchange time-sensitive data (like voice, video, interactive data).

IT-Operations

  1. Does the organization make use of ITIL or a comparable methodology to guide and structure operational processes.
  2. Does the organization use and maintain a Configuration Management Database (CMDB), is it up-to-date en what level of detail is being used.
  3. What is the structure of the operations organization from a competence point of view (support teams, number of members per team, skill levels).
  4. How is first, second and (if existent) third level support being structured.
  5. What is the performance of operations as perceived by end-users.
  6. Where are operational activities being carried out (centralized/on site/remote).
  7. Are (formal) Service Level Agreements (SLA's) in place with an internal operations organization (if existent) and if so, which ones.
  8. Are SLA’s in place with 3rd partys, like Service Providers, external hosting providers and outsourcing companies.
  9. Is Service Level Management being executed.
  10. Are Disaster Recovery Plans in place and being maintained.
  11. Is being made use of operational tools, like HP Openview or IBM Tivoli Suite and if so, which.
  12. Are Information Security policies and procedures actively being held and maintained.
  13. Is a Security Officer or Security Office present in the organization.