As mentioned in a previous post, the FedITAM Framework is the GSA’s answer to the burden of cost-effective IT asset management in an increasingly complex and fragmented public sector IT environment. Over the next few weeks, we’ll take a closer look at each of the six process areas addressed by the FedITAM Framework, beginning today with the IT architecture hardware and software approval process.
Three Questions to Ask Before Approving Hardware and Software
When it comes to effectively managing the approvals process for proposed and past IT acquisitions, the FedITAM recommends thoroughly exploring the following three questions:
What IT assets are approved to run on the network architecture?
As the backbone of its IT architecture, an agency’s existing networking technology guides many purchases – or should – on the basis of compatibility and interoperability. But even among the undoubtedly large array of products that play nice with your network, some strike a better price/performance ratio, are more familiar to users (and require less retraining), or are more suitable in some other way. Key to answering this question is having an always up-to-date understanding of your existing IT assets and a detailed plan for your system’s evolution.
What unapproved products are running on the network or are being purchased for deployment, exposing us to risk?
IT asset management is, to a considerable degree, risk management. And that risk can take many forms, some obvious and some not so much. Of course there are the risks to data safety and integrity, but managers should also be aware of issues such as limited upgrade paths and vendor lock-in, which threaten continued data availability and can lead to excess costs. There’s also software license compliance to keep up with, which can be a daunting job in itself.
Are we addressing the security areas of patch-management and network identity-management?
Patch and network identity management are critical to data security and integrity, as well as continued system stability and performance. One of the most challenging areas of IT asset management, assuring that software, firmware, and network identity systems are kept current demands a detailed understanding of the state of each piece of hardware and software in use throughout the agency, preferably using a solution that does not become just another management headache, itself.