LOC IT checklist

What you can learn from another agency's IT troubles

The Library of Congress is many things, but apparently a well-oiled IT operation is not one of them.  A recent Government Accountability Office report took the agency to task for "significant weaknesses" in its IT environment and offered a laundry list of recommended changes and improvements.

That 31-point prescription could benefit more than just the library, however.  While the report is specific to LOC IT, the recommendations can also serve as a checklist for any organization whose IT system could use a second look.

Here is a rundown of what the GAO recommends in general terms:

Have a CIO with a clear and authoritative role.
Make sure your CIO has defined responsibilities and authority, including responsibility for buying and implementing new IT systems as well as for ensuring IT systems work with specific projects and missions. Have a set process for how the service unit IT and the organizational CIO work together and make decisions.

Make sure the IT plan meshes with the overall mission.
Complete an IT strategic plan that works with an organization’s overall mission and has clear goals and performance measures.

Set specific timeframes for IT goals.
Set target dates to evaluate the current IT environment, as well as the desired environment, and outline a clear strategy for development.

Close up skillset gaps.
Identify whether employees need different or refined skills and then close those gaps.

Firm up investment management procedures on decision-making.
Identify who is responsible for making investment decisions and when. Link up IT strategy, enterprise architecture and IT investment management.

Ask where the funds go and if they’ve been well spent.
Require development investments to present complete investment data (i.e., cost and schedule variances and risk management data) at regular intervals. Implement a policy to inventory all IT assets as well as a way to review how well they worked.

Come up with a clear budget and process for new IT systems.
To plan for buying and implementing a new IT system, set specific IT requirements, cost estimates and a process for developing and maintaining project schedules.

Reduce risk by knowing how your IT security system works. Then test it.
The first step is creating an inventory of all IT systems. Then match up the security policy to the systems including a clear understanding of how they work (i.e. why some controls are used and some aren’t, ways to identify weaknesses). Have a regular method of testing the system for functionality.

Make sure the right people have the right security information and training.
Know who should and shouldn’t be able to make decisions on IT systems access. Identify who should have security and privacy training and make sure they get it. Make sure there is someone in charge of IT privacy who can regularly evaluate the system.

Have an evolving list of IT needs and goals.
Prioritize improvement projects with goals, schedules and a list of needed resources as customer feedback is received.

For the full report, click here.

About the Author

Suzette Lohmeyer is a freelance writer based in Arlington, Va.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected