Operational risks and their minimization
Preamble
Everyone is familiar with the situation when the entire zoo consists of computers, laptops, tablets, copy machines, servers, active network equipment, etc. just one admin. He is an altruist, you do not think. He loves his job. He understands the topic. It is effective and eyes burn. But whatever one may say, when the entire IT function of an enterprise, even a small one, is tied to one person - this is such a big operational risk. I always ask the question: “What will happen if, for example, he falls ill or leaves one day without giving any reason?” How many days will you last until you find someone who will understand this zoo from scratch? No, really? Imagine that this person will not be tomorrow, and that you have run out of licenses, the Internet, paper in the printer, and a server with a database of clients has died.
The answer seems to be obvious:
- 1. Document all IT infrastructure far and wide.
- 2. Formalize IT processes to such an extent that any enikeyschik could cope with them. That there were no tasks for which the non-standard decision is required
How to do it?
- 1. Force an existing admin. But, given that so far nothing has been documented, getting him to do it the right way is a very dubious undertaking.
- 2. Hire an appropriate person who will systematically understand and describe everything, including IT business processes. (And when you find one for the right price, tell me his phone number!)
- 3. Buy a service from a company that professionally deals with such things. Count the minuses yourself, the pros - for perfectly sane money you get documentation, recommendations and well-regulated processes. Moreover, HR receives employee requirements in the event of a search.
I will dwell on the last point in more detail:
How it's done:
- 1. Coordination of goals and objectives with the customer. This may be an inventory and documentation of IT infrastructure. There may be formalization of processes and instructions. Maybe both.
- 2. Coordination of the format of the results. That is, in what form the customer wants to receive information.
- The first two points are very important to work out carefully, since both the customer and the contractor must proceed from point A to point B. And this should be B, and not the English “B” or Spanish “V”
- 3. Collection of information. At this stage, all technical data is collected using or without software, questioning and interviewing employees. At this stage, additional problems and risks often come out. The format for the provision of risks and recommendations for minimization is also agreed with the customer.
- 4. Analysis of the information collected. Everything that we managed to dig up at the previous stage is carefully studied and analyzed. The document “Potential risks and recommendations to minimize them” is being drawn up.
- 5. Documenting infrastructure. The physical and logical circuits of the network topology are created. A hardware inventory database is being created. Each server is documented, including a description of the installed software and the frequency of checking backups. If the fleet of workstations is impressive, it is proposed to use tools for automating inventory and accounting for licenses.
- 6. Development and documentation of IT processes. Instructions are being developed for users of "What to do if ...". Instructions and procedures for the administrator "What to do if ..." and "What to do if the user ...". With a large number of users, it is proposed to implement a help desk for accepting applications and monitoring effectiveness. All basic IT processes are described. Describes control points and measuring points on the part of management. The procedures for making changes are described and documented.
- Job descriptions and requirements are regulated when selecting a new employee.
- 7. Implementation. As practice shows, the introduction of procedures, regulations, and documentation causes rejection by both IT employees and ordinary users. Therefore, we need iron will and support for the most important thing. And constant monitoring plus KPI measurements.
Conclusion
This process takes more than one month and does not bring immediate benefits. This process addresses the strategic challenge of reducing IT risks. At the same time, the IT department becomes scalable, easily measurable in terms of efficiency, fully documented and transparent to the leader. This is not a black hole where you need to spend money, this is a function that effectively supports the business!