CMS single administrator (single point of failure)

pma111
pma111 used Ask the Experts™
on
I am trying to quantify risks with the current 'management' and roles & resp[responsibilities of our websites 'content management system' (concrete5). I have never administered a content management system for a website before, but my overall understanding on permissions is there is an admin level role which allows overall control, and then there are author level roles, which allow a number of users to edit content on specific pages or areas of the site. My concern, from a contingency perspective, is we only have 1 officer with admin permissions on the CMS, and the others are only author level roles. The concern being if the 1 current admin was unavailable for example ill health for a few months, what would grind to a halt in terms of the overall CMS management?

Back to the 'I have never administered a content management system for a website before' - if you are a CMS admin, what activities/maintenance/monitoring requires admin level permissions in a solution, or put another way, if nobody logged in as an admin for numerous weeks, what could the knock on effect be? I was also hoping to establish some standard maintenance checklists that the CMS admin has to perform, so if they were unavailable another officer could pick up their duties and would have an easy 'how to guide' on which to follow. Ideally supplemented with formal training.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Software Developer / Linux System Administrator / Managing Director
Commented:
As I see it there are a few things to consider primarily. I imagine that others may also post their thoughts. From a security perspective, someone needs to be able to keep the CMS software itself up to date. This involves ensuring that the CMS templates and content work with any updates that are to be applied and then applying said updates.  There is also the issue of backing up the CMS so that it could be restored in the event of damage. This involves backing up the site files and the database. Concrete5 has a database backup but I do not believe it backs up the site files.

The admin also needs to be aware of security issues that may come to light. Since most CMS systems, and Concrete5 is no exception, allow installation of extensions (sometimes calls plug-ins, addons, etc), you need to audit what extensions are in use and whether they are being actively maintained.

The server on which the system is operating also needs to be maintained and security patches applied. In my work, I have development versions of critical sites and they are hosted on separate systems. I always transfer live sites to the development systems and carry out upgrades and testing on these prior to updating live sites. This is a very simplified explanation of what I do, but covers it in essence.

Since a CMS allows users to create content, verifying that the content is safe (no malware, no bad links etc) is also something to be considered. If comments on posts are being allowed, are they being correctly sanitised?

These are my immediate thoughts. I am sure that others will add their own.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial