LOC IT checklist

What you can learn from another agency's IT troubles

The Library of Congress is many things, but apparently a well-oiled IT operation is not one of them.  A recent Government Accountability Office report took the agency to task for "significant weaknesses" in its IT environment and offered a laundry list of recommended changes and improvements.

That 31-point prescription could benefit more than just the library, however.  While the report is specific to LOC IT, the recommendations can also serve as a checklist for any organization whose IT system could use a second look.

Here is a rundown of what the GAO recommends in general terms:

Have a CIO with a clear and authoritative role.
Make sure your CIO has defined responsibilities and authority, including responsibility for buying and implementing new IT systems as well as for ensuring IT systems work with specific projects and missions. Have a set process for how the service unit IT and the organizational CIO work together and make decisions.

Make sure the IT plan meshes with the overall mission.
Complete an IT strategic plan that works with an organization’s overall mission and has clear goals and performance measures.

Set specific timeframes for IT goals.
Set target dates to evaluate the current IT environment, as well as the desired environment, and outline a clear strategy for development.

Close up skillset gaps.
Identify whether employees need different or refined skills and then close those gaps.

Firm up investment management procedures on decision-making.
Identify who is responsible for making investment decisions and when. Link up IT strategy, enterprise architecture and IT investment management.

Ask where the funds go and if they’ve been well spent.
Require development investments to present complete investment data (i.e., cost and schedule variances and risk management data) at regular intervals. Implement a policy to inventory all IT assets as well as a way to review how well they worked.

Come up with a clear budget and process for new IT systems.
To plan for buying and implementing a new IT system, set specific IT requirements, cost estimates and a process for developing and maintaining project schedules.

Reduce risk by knowing how your IT security system works. Then test it.
The first step is creating an inventory of all IT systems. Then match up the security policy to those systems, including a clear understanding of how they work (i.e., why some controls are used and some aren’t, and ways to identify weaknesses). Have a regular method of testing the system for functionality.

Make sure the right people have the right security information and training.
Know who should and shouldn’t be able to make decisions on IT systems access. Identify who should have security and privacy training and make sure they get it. Make sure there is someone in charge of IT privacy who can regularly evaluate the system.

Have an evolving list of IT needs and goals.
Prioritize improvement projects with goals, schedules and a list of needed resources as customer feedback is received.

For the full report, click here.

About the Author

Suzette Lohmeyer is a freelance writer based in Arlington, Va.


Reader Comments

Wed, Apr 22, 2015

Make sure there are some SOTE contractors to blame for not making everything work the way you thought the salesman said it would.
