Tuesday, 3 April 2007

TOP things to address in managing an IT department – part 1

Here are my first 6 things to address in managing an IT department, not necessarily in order of importance.
So far I have come up with 36 in total, but that may grow as the weeks pass, and hopefully I will get some feedback if I have missed anything or anybody disagrees. 50 sounds a nice number to achieve.

1. Ensure you have a data backup plan
It is essential that you create a backup plan. As a minimum, this needs to identify all key data and how it is backed up, with frequency (daily, weekly), cycles and retention periods (e.g. 7 years). It should also state where the backups are stored and how the data would be restored. The backups and restores should be tested. Can't sleep at night without this.

2. Create a disaster recovery plan and test it regularly
Create a fully documented disaster recovery plan linked in with the organisation's business continuity plan. It defines how the IT systems will be recovered in the event of a disaster and includes detailed instructions, including provision of third-party services. It must be tested at least annually, if not twice a year. Sometimes the test is done unannounced to create an 'as real as possible' situation. It links in with the data backup plan.

3. Develop an IT strategy aligned to the business
Review the business plans of the organisation and understand the issues and directions. Review the existing IT capabilities and then create a 3-year plan with the first year in some depth. Get the strategy agreed with the business executives. See earlier post on this subject.

4. Define the IT policies
Ensure that you define which IT-related policies are required for your organisation, and work with the Human Resources department to get these written, approved and communicated to all staff. These will include things like Data Protection, Use of Email and Internet, Security, Data Destruction and Disposal, Portable Equipment, Firewall, Software Licences, Home Working etc.

5. Create a security plan and test it
It is important in this technological age that the IT resources are secure. Apart from the IT security policy, a plan for securing the IT environment should be established and implemented. Consider using an external organisation to audit the security and carry out penetration testing on the external boundaries of your networks. Also consider complying with the security standards (ISO/IEC 7799 - ISO17799) that now exist to gain accreditation.

6. Establish governance principles and methodologies
Establish the principles upon which you are going to govern the IT function. In some cases these may be forced upon you by the industry that you are in, for example Sarbanes-Oxley. There are a number of established methodologies around, from COBIT, VAL IT and ITIL to specifics for development such as DSDM and for projects such as PRINCE2 or PMI. Why develop your own when all these 'best practices' are around?
