The IT Review Process – Part 2

by on 04/10/2009

This article is the second in a series providing best-practice guidance for an effective IT review and covers topics four to six of the ten topics: backup, IT support and environmental policy. Part one covered the IT environment, IT security and Business Continuity Planning and part three will cover projects, budget, strategy and IT management.

Part 1 of this series of articles can be found here and part 3 here.

A regular review of a company’s IT environment ensures maximum value for their IT expenditure and minimises the risk of IT failure. It highlights risks and inefficiencies in the current set up and details potential savings including those brought about by deploying new systems or technology.

FITM specialises in all aspects of the IT review process and provides an independent, cost-effective and thorough review, report and recommendations. Please contact FITM for further information.

IT Review Justification

Having a regular independent review of your IT environment is an excellent way to ensure that you are achieving the best value from your IT investment, that you are not exposing yourself to IT risks which you are not aware of and that you are taking full advantage of advances in technology.

Although nothing can guarantee that you won’t suffer from IT issues, having an annual review is a cost effective way to minimise this risk and to be able to prove due diligence should anything go wrong.

An IT review will frequently result in cost savings. It will show how to reduce system down-time, improve the performance of third-parties and highlight areas where the same or better services can be purchased at a lower cost.

Ten topics form the basis for a complete IT review. These are IT environment, IT security, BCP, backup, IT support, environmental policy, projects, budget, strategy and IT management. These ten topics form a complete and comprehensive view of a company’s current IT provision to stakeholders including the board of directors and other business heads. In order to carry out an effective and worthwhile review, these topics require a wide range of IT knowledge and experience.

IT Review Topics

Topic 4: Backup

It is estimated that 60% of companies that lose their data shut down within six months of the disaster. So, it is vital that every company has a full, thorough and tested backup regime.

A backup regime should provide:

  • A hierarchical structure. For example, a grandfather-father-son backup provides three sets of backups such as monthly, weekly and daily. The daily (son) backups are rotated on a daily basis with one graduating to weekly (father) status each week. The weekly backups are rotated on a weekly basis with one graduating to monthly (grandfather) each month.
  • Continuous or near real-time backup of changing data. For example, it should be possible to retrieve a copy of a spreadsheet as it was each time it was saved.
  • Full backups (not just data) which are stored off-site for business continuity use in case of disaster.
  • Regular data backups kept for the length of time required by legal, regulatory or data protection rules.
  • The ability to search backups for keywords etc if required for legal reasons.
  • Specialist backup of databases (e.g. the Microsoft Exchange email store, Microsoft SQL, Oracle etc.).
  • Secure encryption of data so that it cannot be read if it falls into the wrong hands.
  • Regular test restores of full, data and database backups.

Historically, backups have been written to tape and this is still a common mechanism. However, providing all of the features described above using tape backup requires human intervention, is complex and is prone to error. Online backup is increasingly used instead, or in conjunction with tape backup. Online backup provides a secure and reliable backup mechanism that allows data to be restored quickly and saves money.

Backup is critical to all businesses, but is complex to setup and administer effectively. It is extremely important to review and test your backup regime thoroughly and regularly.

Topic 5: IT Support

With technology now vital to every company’s survival, it is critical that IT support is effective. Although the costs of some of the high end support options can seem prohibitive, you only need to consider the effect on a business caused by losing a key system, email for example, for a day to realise that these costs are justified.

There are a large number of options available for providing IT support and the appropriate solution for a particular company depends on various factors including their size, views on outsourcing, in-house IT skills, system complexity etc.

FITM’s view is that SMEs will usually gain significant advantage by outsourcing their IT support to a third party. However, this is not a simple option, with the selection of an appropriate supplier being a complex process. The company needs to define their requirements and then find a company that can meet these requirements. Following selection come the vital stages of cost, contract and service level agreement (SLA) negotiation.

Whether IT support is handled internally or is outsourced, it is important that the quality of the support is monitored on a regular basis. A regular report should be produced giving performance against key business metrics. It is important that these metrics are relevant to the business (e.g. availability of an application) rather than relevant just to IT (e.g. help desk volumes). Equally important is that IT support is proactive rather than reactive. Reactive support comes and fixes your PC when it goes wrong, whereas proactive support monitors a PC, identifies a fault and fixes that fault without you even being aware that there is a problem.

Getting the best from your IT support arrangements is a complex subject and one that it is difficult for a non IT specialist to accomplish effectively. Get it wrong and you will be spending money unnecessarily and exposing the company to additional risk.

Topic 6: Environmental Policy

A sound environmental policy is important to every company not just because of corporate social responsibility, but because customers are asking for copies more and more frequently. The surprise is that green policies often cut costs as well, for example by saving on power consumption and hardware requirements.

An IT department can make a significant contribution to a company’s environmental policy and the IT policy should include:

  • Asset Management – extending asset life, disposal and recycling (UK firms are required to have documented proof of appropriate IT asset disposal).
  • Reduction of power and heat consumption.
  • Implementation of video and other conferencing technologies to mitigate the need for travel.

Some policies, such as turning PCs off at night, double sided printing and not over-cooling server rooms are very easy to implement. Recent technology has also risen to the challenge, with technologies such as server virtualisation, thin clients, more efficient cooling, power management software, energy efficient equipment etc. cutting a company’s carbon footprint and frequently saving money at the same time.

However, it should be emphasised that IT is only one part of a company’s environmental policy, and items such fleet fuel efficiency, international travel, green product design and remote working are equally important and easily overlooked.

FITM’s IT Review Process

FITM specialises in all aspects of the IT review process as described in this series of articles. FITM’s consultants are experienced in all aspects of IT Management and have partner arrangements in place to provide specialised technical knowledge if required.

FITM talk to your internal IT staff or support company as well as independently reviewing all aspects of your IT. From this they produce a report which summarises findings as well as making recommendations to reduce costs, improve performance and resilience and make cost savings. This report provides a non-technical overview of a company’s IT, which is a useful input to board level discussions about expenditure, risk, budgets and projects.

Leave a Comment

Previous post:

Next post: