TAILIEUCHUNG - Quản lý và thực hiện các dự án Microsoft SharePoint 2010 - p 18

Một phương pháp quản trị đảm bảo rằng phần mềm phát triển sẽ được đầy đủ tài liệu và thử nghiệm trước khi nó được sử dụng, và có chủ định và gìn giữ máy chủ cho các thông tin quan trọng được truy cập đều nhận thức của sản phẩm. | 146 Chapter 8 SharePoint Customization Chapter 8 Enterprise Search o Build a custom content source. Enterprise Content Management o Build variations. o Portal personalization. A governance methodology ensures that developed software will be adequately documented and tested before it is used and that designated owners and server custodians for the critical information being accessed are aware of the product. Also SharePoint 2010 administrators must perform periodic risk assessments of SharePoint 2010 production servers to determine whether the controls employed are adequate. All SharePoint 2010 production and user acceptance platforms should have an access control system to restrict who can access the system as well as restrict the privileges available to these users. There should be a separation between the SharePoint 2010 production user acceptance development and test environments. Where these distinctions have been established development staff should not be permitted to have access to SharePoint 2010 test production or user-acceptance platforms. Likewise all production software testing must use sanitized information on the SharePoint 2010 user-acceptance platform. All applicationprogram-based access paths other than the formal user access paths should be deleted or disabled before software is moved into production. When developing SharePoint tools it is also important to designate ownership and control of those tools this is especially important when working with an externally provided developer who has been subcontracted. Because the client owns the development platform components such as SharePoint 2010 applications Web Part or application source code Web Part or application object code documentation and general operational data should be protected as if it were the client s property. When working with an external developer make sure that the source code will be made available to the client in their Statement of Works document. If that has not been done it is