Practices Related to the Management of Technical and Operational Infrastructure


Management of the IT infrastructure includes the overall maintenance of systems, user support, problem (incident) management, change management, and quality assurance. The IT department should use industry standards and performance measures to ensure that the IT functions meet the needs of the business through the IT organization's mission, vision, and strategy. The IT organization should establish policies for all phases of the system development life cycle (SDLC), which entails the acquisition, implementation, maintenance, and disposition of information systems. The SDLC should include computer hardware, network devices, communications systems, operating systems, application software, and data. It is important to note that some or all of the IT function might be outsourced to third-party providers, and that similar policies and procedures should exist in addition to the contract and service-level agreements (SLA).

Ensuring security of the information systems and their associated data is another function associated with the SDLC. Maintaining confidentiality, integrity, and availability of information systems ensures the continued economic viability of the organization. The security function is responsible for securing the physical facilities, hardware and software, and data. In addition, IT management must mitigate the risk associated with the disruption of business activities because of system failures or disasters.

Problem Management/Resource Management Procedures

Per the Information Technology Infrastructure Library (ITIL) Service Support Process Model, the goal of effective problem management is to minimize the adverse effect on the organization of incidents and problems caused by errors in the infrastructure, and to proactively prevent the occurrence of incidents, problems, and errors. Incidents or errors can range from hardware or software errors to malicious acts. IT should ensure that all users and administrators are properly trained to use the information systems associated with their function (proactive) and to implement problem-management systems to manage problem tracking, escalation, audit, and intrusion incident response. The IT organization should incorporate policies and procedures relating to problem management, including the recognition, logging, resolution, escalation, tracking, and reporting process. The procedures should define critical applications that require immediate escalation to senior management for priority resolution, as well as methods to ensure that all problems are captured, resolved, and reported.

Help Desk

The help desk is responsible for assisting end users with problems or issues with desktops or workstations, and personnel frequently participate in the configuration and deployment of new equipment, operating systems, and applications. The help-desk calls are usually logged within a help-desk ticketing system. The logging of calls provides information on when the call was received, the type of problem or error, and the resolution time.

Help-desk technicians can provide both remote and onsite support to resolve network, application, and database issues.

Scheduling

The IT function is responsible to users or customers and defines the level of service delivered to customers. Achieving the agreed service level requires the IT organization to manage workflow by planning expected and required capacity and properly planning activities. All work performed in the environment should be scheduled, to ensure that resources are used efficiently and effectively. The workflow of the IT organization should proceed at a steady rate, whether it pertains to normal operations or the introduction of new systems in the environment. The IS auditor should look for internal policies and procedures with regard to project and change management, as well as a clearly defined strategy that meets the needs of the organization over time. If work is either delayed or performed at the last possible minute because of poor planning, the associated controls are usually circumvented. This can lead to unstable and unsecured IT environments and ineffective use of IT resources.

Service-Level Agreements

According to the Foundations of Service Level Management, service-level management is defined as "the disciplined proactive methodology and procedures used to ensure that adequate levels of service are delivered to all IT users in accordance with business priorities and at acceptable cost." Organizations use a service-level agreement (SLA) to establish a common understanding of the nature and level of service required. The SLA should define specific targets for the level of service provided, as well as associated measurements. SLAs can be used in conjunction with third-party agreements or internally in organizations as performance measures. In addition, the service agreement should contain nonperformance clauses that define what happens if the agreed-upon service level is not met. These might include warnings, corrective actions, or financial penalties.

Key Performance Indicators and Performance-Measurement Techniques

It is generally accepted that an organization cannot manage what it cannot measure. Performance measures are used to ensure alignment through the use of performance metrics. Organizations might adopt performance metrics in a variety of areas (marketing, sales, and IT), but the foundation of the metrics remains the same: They ensure progress toward strategic goals over time by using standardized, objective, documented metrics.

As an example, the IT organization might have a commitment to complete all help-desk calls within 24 hours of receipt. Tracking this performance measure would include the regular review of help-desk calls and tickets for entry and closing date, as well as customer surveys to ensure that the issue was successfully resolved. This type of performance measure would be well documented and would include all tasks associated with measurement. For instance, if you measured only the ticket entry and ticket close time for help desk tickets, you might find that all fell within the expected 24 hours. Upon closer inspection, however, you might find that 50% of the time, the issue was not resolved. It is important to note that a performance measure that is not documented or thought out might not produce the expected results.



Exam Cram 2. CISA
ISBN: B001EEFNHG
Year: 2005
Pages: 146
