What you can learn from another agency's IT troubles
By Suzette Lohmeyer
Apr 16, 2015
The Library of Congress is many things, but apparently a well-oiled IT operation is not one of them. A recent Government Accountability Office report took the agency to task for "significant weaknesses" in its IT environment and offered a laundry list of recommended changes and improvements.
That 31-point prescription could benefit more than just the library, however. While the report is specific to LOC IT, the recommendations can also serve as a checklist for any organization whose IT system could use a second look.
Here is a rundown of what the GAO recommends in general terms:
Have a CIO with a clear and authoritative role.
Make sure your CIO has defined responsibilities and authority, including responsibility for buying and implementing new IT systems as well as for ensuring IT systems work with specific projects and missions. Have a set process for how the service unit IT and the organizational CIO work together and make decisions.
Make sure the IT plan meshes with the overall mission.
Complete an IT strategic plan that works with an organization’s overall mission and has clear goals and performance measures.
Set specific timeframes for IT goals.
Set target dates to evaluate the current IT environment, as well as the desired environment, and outline a clear strategy for development.
Close up skillset gaps.
Identify whether employees need different or refined skills and then close those gaps.
Firm up investment management procedures on decision-making.
Identify who is responsible for making investment decisions and when. Link up IT strategy, enterprise architecture and IT investment management.
Ask where the funds go and if they’ve been well spent.
Require development investments to present complete investment data (i.e., cost and schedule variances and risk management data) at regular intervals. Implement a policy to inventory all IT assets as well as a way to review how well they worked.
Come up with a clear budget and process for new IT systems.
To plan for buying and implementing a new IT system, set specific IT requirements, cost estimates and a process for developing and maintaining project schedules.
Reduce risk by knowing how your IT security system works. Then test it.
The first step is creating an inventory of all IT systems. Then match up the security policy to the systems, including a clear understanding of how they work (i.e., why some controls are used and some aren’t, and ways to identify weaknesses). Have a regular method of testing the system for functionality.
Make sure the right people have the right security information and training.
Know who should and shouldn’t be able to make decisions on IT systems access. Identify who should have security and privacy training and make sure they get it. Make sure there is someone in charge of IT privacy who can regularly evaluate the system.
Have an evolving list of IT needs and goals.
Prioritize improvement projects with goals, schedules and a list of needed resources as customer feedback is received.
Suzette Lohmeyer is a freelance writer based in Arlington, Va.