Operational risks and their minimization

Preamble

Everyone knows the situation when the entire zoo of computers, laptops, tablets, copiers, servers, active network equipment, etc. just one admin. He is an altruist, you do not think. He loves his job. He understands the topic. It is effective and the eyes are burning. But whatever one may say, when the entire IT function of an enterprise, even a small one, is tied to one person - this is such a sickly operational risk. I always ask the question: “What will happen if, for example, he gets sick or quits one day without explaining the reasons?” How many days will you hold out until you find someone who will understand this zoo from scratch? No, well, seriously? Imagine that tomorrow this person will not be, and you are out of license, the Internet, the paper in the printer and the server with the customer database has died.

The answer seems obvious:

• 1. To document the entire IT infrastructure up and down.
• 2. Formalize IT processes to such an extent that any enikeyschik would cope with them. To avoid tasks that require a non-standard solution

How to do it?

• 1. Make the existing admin. But, given that nothing has been documented so far, forcing him to do it in the necessary way is a very dubious undertaking.
• 2. Hire the appropriate person who will methodically understand and describe everything, including IT business processes. (And when you find this for adequate money, tell me his phone!)
• 3. Buy a service from a company that professionally deals with such things. Calculate the minuses yourself, the advantages - for quite sane money you get documentation, recommendations and clearly regulated processes. Moreover, HR receives employee search requirements.

I will dwell on the last point in more detail:

How it's done:

• 1. Coordination of goals and objectives with the customer. This may be inventory and documentation of IT infrastructure. There may be a formalization of processes and instructions. Maybe both.
• 2. Harmonization of the format of the results. That is, in what form the customer wants to receive information.
• The first two points are very important to work out carefully, since the customer and the contractor must proceed from point A to point B. And this should be B, not the English “B” or Spanish “V”
• 3. Collection of information. At this stage, all technical data is collected using or without software, questioning and interviewing employees. At this stage, additional problems and risks often emerge. The format for providing risks and minimization recommendations is also consistent with the customer.
• 4. Analysis of the information collected. Everything that I managed to dig up at the previous stage is carefully studied and analyzed. The document "Potential risks and recommendations for their minimization"
• 5. Documenting the infrastructure. Physical and logical network topology diagrams are created. A hardware inventory database is being created. Each server is documented, including a description of the installed software and the frequency of checking backups. If the park of workstations is impressive, it is proposed to use tools to automate inventory and license accounting.
• 6. Development and documentation of IT processes. Developed instructions for users of "What if ...". Administrator instructions and procedures for “What to do if ...” and “What to do if the user has ...”. With a large number of users it is proposed to implement a helpdesk for receiving applications and monitoring performance. Describes all major IT processes. Describes control points and measurement points by management. Procedures for making changes are described and documented.
• Job descriptions and requirements for the selection of a new employee are regulated.
• 7. Implementation. As practice shows, the introduction of procedures, regulations, documentation causes rejection of both IT employees and ordinary users. Therefore, we need iron will and the support of the most important thing. And constant control plus KPI measurements.

')

Conclusion

This process takes more than one month and does not bring immediate benefits. This process solves the strategic task of reducing the risks associated with IT. At the same time, the IT department becomes scalable, easily measurable in terms of efficiency, fully documented and transparent for the manager. This is not a black hole where you need to spend money, this is a function that effectively supports business!