Governance Issues: Checklist for Platform Management

Platform planning determines the computing platforms (computing operating system, system software and middleware services) needed to support the applications. To assure that the platform plan represents the business reality, it is a good idea to adopt the following governance practices.  

Governance Checklist (Detailed)

1. Plan Platform Management

§         Establish a platform management process. The main idea is to make one or more staff members (depending on the size of the organization) responsible for platform management.

§         Identify the main platform components that need to be managed carefully (e.g., operating system,  databases, computing hardware, disk drives, etc)

§         Identify what needs to be managed (e.g., faults, performance, security, change) for each component. For example, fault management of operating systems, performance management of computing hardware, etc).    

§         Include platforms (especially critical servers) as part of disaster recovery plan.

 

 

2. Define, in Detail,  the Platform Management Approach 

§         Develop detailed procedures for managing different platform components. 

§         Change management (i.e., when is the system software to be updated and upgraded) is the main issue with platform management. The following questions should be asked before changing the system:

o        Who needs this upgrade (users, administrators, no-one)?

o        How important is this upgrade (required, optional)?

o        What will the upgrade cost (in terms of time and money)?

o        What will be the cost of not upgrading the system (time and money)?

o        What are the risks of upgrade (i.e., the possible impact on people or components that depend on the current version)?

o        When should the upgrade be done?  Rule of thumb: should not upgrade on a Friday afternoon, people forget what they have changed by Monday. 

o        What support level does the vendor provide if there are problems?

o        Could you back out the upgrade if there are problems?  

 

 

4. Monitor and Manage
the Governance Processes

§         Monitor compliance with policies

§         Monitor compliance with governance arrangements

§         Monitor effectiveness metrics

§         For Advanced Users;  Use platform management tools to monitor platform faults, performance, security and change management 

 

3. Enable the Platform Management Process

§         Deploy platform management  mechanisms and polices

§         Communicate and educate the staff on platform management  (especially change management)

§         Deploy procedures for platform  FCAPS (fault, change, accounting,  performance, and security) management  

§         For advanced users: Use configuration and change management tools and platforms  

 

 

 

Additional  Considerations:

§         COBIT (www.isaca.org/cobit/) has a section on “Acquire and Implement” domain that covers the following control objectives relevant to platform management: Acquire and Maintain Technology infrastructure (Platforms), Enable Operation and Use (Platforms), Manage Changes, and Install and Accredit Solutions and Changes.

§         ITIL (www.itil-officialsite.com) has a volume on Service Support that contains many topics of interest for platform management (e.g. Configuration Management, Change Management and Release Management).

§         Sarbanes-Oxley Act (SOX) section 404 is concerned with IT operational control processes and change management.  This material is applicable to platform management.

 

Our Suggestion: Please start with the simple checklist and later take a look at the COBIT “Acquire and Implement” domain. At a later stage, an overview of SOX and ITIL materials suggested above may be useful.