IT Equipment Purchase and Failure Prevention Policy

Version: 1.00Issue Date: 12/16/2014

This IT Equipment Purchase and Failure Prevention policy provides a guideline for the purchase of IT equipment when the equipment supports organizational identified critical services. This policy will name critical services and provide a guideline for purchasing technologies that are failure tolerant.

1.0 Overview

This IT Equipment Purchase and Failure Prevention policy provides a guideline for the purchase of IT equipment when the equipment supports organizational identified critical services. This policy will name critical services and provide a guideline for purchasing technologies that are failure tolerant.

2.0 Purpose

The purpose of this IT Equipment Purchase and Failure Prevention policy is to ensure that critical services are not interrupted by a single common failure. This IT Equipment Purchase and Failure Prevention policy provides standard guidelines to allow IT equipment purchased for essential services to have reliability built into the equipment. This is to prevent service outage for critical services.

3.0 Scope

This IT Equipment Purchase and Failure Prevention policy covers any computers providing critical services to the organization and is an internal IT policy. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Critical Services

Critical services which are required for normal operation of the organization include:

  1. File sharing service on a file sharing server.
  2. Web services to the internet
  3. Email services
  4. Database services for internal users and critical external applications.
  5. Critical external application servers.
  6. Domain controller servers
  7. Firewall to connect these services to the internet.
  8. Routers and switches to connect services to the network and internet.
  9. Systems supporting identified critical business processes.

Any servers or equipment that supports these services should adhere to this policy including connection equipment from the internet to these services.

5.0 Failure Prevention Equipment Requirements

All critical services are required to utilize redundant technologies or redundant equipment. Redundant technologies include:

  1. Dual power supplies on all servers providing critical services.
  2. RAID disk arrays to prevent one disk failure from interrupting services
  3. Uninterruptable power supplies that can provide power for a minimum of 1 hour to servers operating critical services in the event of a power outage.

6.0 Additional Failure Prevention Considerations

For services that are critical for income or operations that cannot be interrupted the following technologies are also recommended:

  1. A backup generator to ensure that long term power outages cannot interrupt service.
  2. More than one server for the same service where the servers use clustering or load balancing technology.
  3. Ensure that air conditioning and other environmental controls will still function when power is down. Consider coolant pumping and emergency power to all environmental control equipment.

7.0 Enforcement

Since use of failure tolerant equipment is important for critical services employees that do not adhere to this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________