This entry concerns a live application in which the principles of communities of practice have been used to supplement the delivery of a critical business process. The company concerned is a multinational pharmaceutical organization with annual sales in the order of £20bn and a workforce of 100,000 employees worldwide. One of the more critical IT services provided is that which defends the organisation’s computer systems against attack by malicious software (commonly called computer viruses). This service draws significant direct and indirect resources to provide an acceptable level of defence for the organization. The service manages the provision of this defence from the gathering of intelligence concerning latest threats through deployment of protective measures to reporting of metrics showing service performance and adequacy of defences.