Technology Planning Policy

Version: 1.00Issue Date: 9/29/2015

This Technology Planning Policy ensures that technology planning is effective by requiring a framework to be established and roles and responsibilities to be defined.

1.0 Overview

This Technology Planning Policy will help ensure that a framework for technology planning is used to implement technology planning.

2.0 Purpose

This Technology Planning Policy requires management to establish a framework for technology planning in the organization.

3.0 Scope

This Technology Planning Policy applies to organizational management and those designated to develop, maintain, or support the technology plan. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Technology Planning

  • Upper management must establish roles and responsibilities for developing and setting short and long range organizational technology plans. There must be an established owner of the plan and that person should be an upper management level person who is responsible for managing information technology facilities.
  • Upper management must establish procedures, performance measures, and methods to implement and maintain short and long range organizational technology plans.
  • The procedures for establishing and maintaining short and long range organizational technology plans must include a risk assessment.
  • The procedures for establishing and maintaining short and long range organizational technology plans must provide for the creation of the short term plan based on the long term plan goals. The short term plan must be created in a timely manner.
  • A process for developing and maintaining technology plans must be created and used. The process must require validation of data used to create the plan.
  • The organizational short and long term technology plans must align with each other.
  • Organizational short and long range technology plans must consider various business factors that may influence the needs and availability of information technology resources. The plans must consider quality assurance, costs and possible profits, competition, changes in markets and new markets.
  • Organizational short and long range technology plans must consider time frames covered by the plan, the organizational locations and willingness to expand, costs and revenue, partnerships, and willingness to change business processes or structure.
  • The long term technology plan must be reviewed a minimum of annually for validity considering changes to technology and business goals.
  • If the long term technology plan is changed, its impact on the short term plan must be considered and the short term plan must be changed if required.
  • Soon after the short term technology plan is created, a feasability study must be performed to determine the probability that the short term goals will be met in a timely manner and the impact on the long term plan. The procedures must allow for changes to both plans based on the results of the feasability study.
  • The short and long term technology plans must specify goals to be accomplished within time frames at set budget ranges. The plan must include the infrastructure and specify how new systems or functionality will be supported. The plan must specify who will be charged for services or deliverables and how deliverables will integrate into business processes. The plan must specify how systems will be delivered and who will be responsible for operating them.
  • The short and long term technology plans must specify services, processes, and functions to be delivered along with the reasons for the goals.
  • The technology plans must be consistent with organizational policies, procedures, and plans including but not limited to security policies, business continuity plans, incident response plan, and quality plans.
  • Assumptions used to create a technology plan such as the usefulness of a specific technology must be challenged by the plan development process.
  • The process used for developing and maintaining technology plans must provide for evaluation of various strategies and consider investment return, internal value of the strategy, and other decision support tools.
  • Staff working on the plans must be appropriately skilled and be aware of competitor activities along with technological changes. Third parties should be used to confirm information and add new information. Information should be forwarded to upper management.
  • New technologies must be considered for use based on their possible contribution to the organization based on business use, cost, and investment return rate.
  • Stakeholders must be involved in the formation of the plans and must agree and be committed to completing the plans. This must be done for initial and modified plans.
  • A process must exist to provide for the identification of stakeholders in both the long term and short term technology plans.
  • The technology plans must consider legal and regulatory requirements. The organization's legal counsel must monitor these requirements.
  • The technology plans must consider possible market changes and new technology that is becomming available and that may become available.
  • The technology plans must consider the requirements of business partners, suppliers, and other third parties that the organization relies upon.
  • The technology plans must identify required information technology resources.
  • The technology plans must specify specific goals and measurable performance indicators including deliverables and milestones.
  • A plan must be created for communication of short term and long term technology plans. Communication methods such as conferences, meetings, and publication must be identified.
  • When the technology plans are communicated, the ability to gather and evaluated feedback must exist in a process which allows for change to the plans based on feedback if necessary.
  • Upper management must have a process to allow for improvements to the process of creating and modifying technology plans and consider initial creation through communication and feedback.
  • The Information Technology Department must have a research budget.
  • The Information Technology Department must subscribe to technical periodicals.
  • The Information Technology Department must maintain memberships in technical and vendor user groups.
  • Migration strategies to new technologies must provide priorities based on their relative importance and interdependencies between systems.

5.0 System Assessment

  • A process(assessment) for determining the current structure and configuration of systems existing in the organization and the ways they support business processes must exist. Upper management has the responsibility for ensuring this process exists and is used annually to keep the records up to date. The technologies used and business processes supported must be documented.
  • The assessment of organizational systems should be primarily performed to help determine the requirements of the technology plans.
  • The assessment should determine the degree of automation in the organization, functionality, maintenance requirements and costs, complexity of systems, and stability of systems relating to their support of business processes.
  • An annual review of the current organizational and systems state(s) compared with the organizational short and long term technology plans must be conducted. Upper management must designate staff to conduct the review. The review should consider current capabilities, current plan requirements, and any issues preventing the plan goals from being realized. The annual review should consider industry standards and norms compared with organizational current standards and capabilities.

6.0 Information Architecture Definition

  • An information architecture model should be created and kept updated regularly. The model should conform with the long range technology plan. The information architecture model should ensure that information needs are identified and communicated so the needs are met in a timely manner.
  • The information architecture model must be commmunicated to all organizational staff.
  • The information architecture model must be used to assess current applications and future applications alignment with the short and long term technology plans.
  • The information architecture model should show organizational processes, supporting systems, and organizational divisions.
  • Both business and information technology personnel should be able to understand the information architecture model.
  • Upper management and the information technology group must create the information architecture model.
  • The information architecture model must include information exchanges with business partners whether current or planned in the future.
  • Procedures must be created to ensure that the information architecture model is updated as the organization changes.
  • The information architecture model should be compared to industry standards and best practices.

7.0 Information Architecture Communication

  • Definitions and data used to communication the information architecture should be controlled administratively.
  • Upper management should define business rules and definitions of data and terms to help clarify the information architecture.
  • A data dictionary should be kept and be detailed enough to communicate the information architecture as it applies to all applications.
  • Software should be used to manage the data dictionary.
  • A program to maintain data quality should be created so data is standardized, and keeps its integrity and consistency.
  • Change management controls should be applied to the data dictionary which includes upper management approval of changes. Controls should be applied to prevent changes without approval.
  • Data dictionary write access should be restricted to limited staff.

8.0 Information Technology Steering Committee

  • Senior management members should comprise an information technology steering committes. Members of the committee should be from different sections of the organization.
  • The steering committee should create and implement a technological infrastructure plan.
  • The steering committee should monitor compliance with the technological infrastructure plan.
  • The steering committee must create a process for creating and maintaining the technological infrastructure plan which requires the technological infrastructure plan to long term business objectives.

9.0 Enforcement

Since following the Technology Planning Policy is important for the stability of the organization, employees that purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

10.0 Other Policies

11.0 Additional Requirements

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________