MTAS and other NHS websites
Ian G Batten
ukcrypto at chiark.greenend.org.uk
Wed, 9 May 2007 08:36:40 +0900
On 8 May 2007, at 21:54, James Davis wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> vickyvicky@egypt.com wrote:
>
>> The point that I was trying to make, though, is that this was a
>> one-off
>> goof. A mistake like this would not in itself have led to the site
>> being
>> off line for 10 days.
>
> It's difficult to understand how it can be described as a "one-off
> goof"
> when the problem, solution, and risk is obvious to anyone with a small
> amount of experience in the field.
You and I know that one-off goofs are no such thing, but are evidence
of deeper process failure. You and I know that behind a security
incident that gets found by a third party there are a hundred that
went unseen, and should have been followed up as `near misses' but
rarely are.
But you're talking to the profession that has resisted clinical audit
for generations, and is only in recent years waking up to the idea
that you can't just dismiss things as one-off goofs. Vickyvicky
would presumably have sat in meetings in Bristol and said ``one-off
goof'' of each child that didn't make it. Or if s/he wouldn't,
perhaps s/he could explain why this case is any less of an example of
a deeper failure.
ian