List, This is a hot topic as of late where I work: Once a system has gone into 'production' should testing, specifically security, be done on it if the system could be broken by the test itself? What is your take on this issue and why? Thanks for any ideas and feedback. Rob.