Technology and System Management Policy
Version: 1.00 | Issue Date: 9/29/2015
This Technology and System Management Policy ensures that new technologies and systems used by the organization work well within the framework of the organization and do not increase costs or cause compatibility issues.
This Technology and System Management Policy will help ensure the quality of systems and software while keeping systems compatible and supportable.
This Technology and System Management Policy requires organizational technology standards and a technological infrastructure plan to be created. It requires programs and systems to adhere to the organizational technology standards and technological infrastructure plan.
This Technology and System Management Policy applies to all new systems and programs and to all IT personnel. This policy is effective as of the issue date and does not expire unless superseded by another policy.
4.0 Capacity Management
A process (IT Capacity Planning Process) must exist to ensure that levels of use of IT infrastructure, such as network capacity use and server capacity use, are monitored and logged. The trends of changes to the capacity being used must be shown in the report, and a forecast of expected future use must be created and reported to management. The forecasts must consider business environment changes. The data from the logs, forecasted changes, and maximum capability must be reported to management at least once per year with recommendations for capacity planning.
Management must act on the report results of capacity use and forecast in order to maintain required levels of capacity of IT resources.
The IT Capacity Planning Process must consider the ability to provide additional resources in a short timeframe when an unexpected increase in demand occurs.
5.0 Best Practices
Best practices must be obtained, studied and written into organizational standards and contracts with vendors to ensure appropriate quality of hardware, software, and other resources are provided.
6.0 Resource Acquisition
An acquisition strategy for procurement of resources and services must be created.
The acquisition strategy must consider new technologies, schedule requirements, cost, volume needs, and complexity of integration, design, and development.
Part of the acquisition plan may include partnerships with vendors considering combinations of price, service, and response time.
The acquisition strategy must consider emergency situations.
The acquisition strategy must be reviewed annually to examine vendor relationships and how well they support the customer needs especially related to timeliness, cost, performance, and support.
7.0 Design Quality
A user interface design methodology must be created.
The user interface design methodology must require ergonomic standards which comply with international, national, state, and local requirements.
The user interface design methodology must include tested models which consider what customers may do such as changing their mind on purchases, errors, and taking more or less time in navigating the interface (web site).
When project planning is done, the service requirements of users and the possible increased need for service quantity or quality must be considered.
When more than one business unit is being supported by a new project or the cost is high, proof of concept testing must be performed early.
When new equipment is added to the infrastructure, equipment is changed, or new projects are developed, where applicable, the disaster recovery and business continuity plans must be updated.
Any new technology used in the infrastructure must meet requirements for reliability and redundancy.
The infrastructure plan must be periodically assessed to be sure contingency planning is properly included and effective.
8.0 Technology Standardization
A process must exist so a limited number of operating systems are used in the organization. The use of too many operating systems or various programs that perform similar functions will increase costs of maintenance.
When choosing operating systems or software, the business needs must be considered. Business needs include cost, maintainability, administration capabilities, and configurations.
Alternative operating systems or program candidates must be reviewed to determine ability to interface with current systems considering both compatibility and ability to migrate data.
The history of security exploits against any software under consideration for use must be considered. The time between when software errors are discovered and when they are fixed, relative to their severity, must also be considered.
An IT steering committee must exist and approve organizational technology standards.
Organizational technology standards must be communicated through the organization.
Organizational technology standards must be updated yearly when the technological infrastructure plan is reviewed. Stakeholders must approve strategies.
Training strategies must consider and be designed to support the organizational technology standards and technological infrastructure plan.
A list of approved vendors, software, systems, and other components must be maintained by organizational management. The approved vendors and components must conform with the organizational technology standards and technological infrastructure plan.
A process must exist which prevents acquiring systems or software which do not conform to the organizational technology standards and technological infrastructure plan.
New technologies must be evaluated to determine their possible contribution to business needs. Possible return on investment and other gains should be considered.
9.0 Technical Knowledge and Decisions
Information technology staff must be adequately skilled, and only those with appropriate basic training and skills relevant to the duties to be performed should be placed.
Information technology staff must monitor technological developments and provide relevant information to management.
Third parties should be consulted when appropriate to confirm proposals from internal information technology personnel.
Information technology personnel should subscribe to technical periodicals and user groups. The organization should have a budget to cover these costs.
The organization should retain legal counsel to monitor changes to laws or regulations which may affect the technology infrastructure plan. Regulations may include privacy laws, laws about reporting intrusions, and any regulations which may relate to the business function.
Since following the Technology and System Management Policy is important for the stability of the organization, employees who purposely violate this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.
12.0 Other Policies
13.0 Additional Requirements
Approved by:__________________________ Signature:_____________________ Date:_______________