A lack of access/credentials is often a major showstopper -- it's hard to assess something that you can't get to! Allow appropriate padding to the schedule to ensure that customer credential/account provisioning systems/processes work. If the assessment is full-knowledge, make sure the consultants have access to any documentation, personnel and/or training that may be required. For example, a white-box line-of-business application assessment should begin with a review of software design and specification documentation, plus any necessary training on accessing software source code and bug-tracking repositories. Without these items, the assessment team can sit idle while the customer gets little value -- all due to a simple lack of preparation.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Another necessity of preparation is to ensure that permissions have been granted to assess all of the elements within scope. It never hurts to re-clarify with the customer if there are any doubts, particularly around partner/third-party systems that may be of unclear ownership. This issue commonly arises in outsourced data center hosting arrangements, where many organizations are hosted near each other by a common provider(s), and access to the customer potentially crosses third-party-owned infrastructure. Be sure that the assessment techniques being employed are well-understood by all parties, so as to avoid unnecessary risks of downtime or policy violations to unrelated systems.