Proven Leading Practices for Information Technology Operations
Information Technology (IT) Best Practices Guide
Learn MoreImplement an IT Infrastructure Library to Centralize Pertinent Information and Keep Everyone In the Loop
Best Practice (Good)
Adopt an IT Infrastructure Library to centralize pertinent information, provide procedures for configuration changes and patch updates, and provide process checks and balances. As a result, IT managers need to approve a new server or system configuration or operating system patch before it is rolled out to company endpoints or devices.
Typical Practice (Bad)
Perform configuration changes or operating system patches on an as-needed basis. IT employees should roll out patches and system changes as they see fit to fix certain problems or vulnerabilities as they are identified.
Benefits:
IT Infrastructure Library implementation seeks to avoid outages, create process checks and balances, centralize information, document server and other device configurations, and sets procedures for common issues such as operating system patches and software upgrades. By seeking management's approval on configuration changes and patch updates, everyone is kept up-to-date and a high level of policy compliance is ensured.
Periodically Train Employees on Security Awareness to Reduce the Risk of Errors and Damages
Best Practice (Good)
Provide detailed information technology security awareness training to new and existing personnel at regular intervals (yearly, quarterly, etc.), including contractors and other users of information systems that support the operations and assets of the organization. Security awareness training should be supplemented by the distribution of informational resources when policies are updated.
Typical Practice (Bad)
Provide new employees with company policy documentation concerning security awareness during new staff orientation. Employees are responsible for reviewing presented documentation and keeping up to date on company policies on their own.
Benefits:
Training employees and keeping them up-to-date on security awareness reduces the risk of potential errors and damages from occurring through human error, including falling prey to phishing emails or other spam content that seeks to place malware or malicious software on the company's network.
Use Clear Communication When Defining System or Application Requirements to Reduce Errors and Launch Cycle Times
Best Practice (Good)
Ensure business unit managers communicate with the IT Department and other relevant employees when defining the requirements of a system or application to be built. This keeps everyone in the loop and prevents any miscommunication between parties over what the application's requirements are. Proactive involvement and communication between these groups also ensures that unrealistic requirements are not built into the project plan.
Typical Practice (Bad)
Ensure that business unit managers create appropriate system or application requirement before handing them to the IT Department to build. The IT Department is then responsible to follow the requirements and ask business unit managers questions regarding the intended design and use of the application to be developed.
Benefits:
The sooner and more often relevant IT employees are able to contribute to and comment on a system or application's requirements, the fewer mistakes will be made in its construction due to a miscommunication or misunderstanding. Allowing everyone to contribute to the building of an application or system's requirements further ensures that business unit managers understand what is or isn't possible in a system or application and can vastly reduce the overall amount of time it takes to launch the system or application.