AIS 02-19 - Information Systems Operations & Maintenance
AIS 02-19 - Information Systems Operations & Maintenance
1. Introduction
IT objectives and strategies must be aligned with the business objectives and
strategies.
This module also explains the different applicable frameworks for IT governance internal
controls and IT operations.
The Frameworks
The ISO/IEC 20000 standard for Information Technology Infrastructure Library (ITIL) is a
collection of management practices to guide the help desk for delivery of information
technology services. ITIL provides a comprehensive set of service management processes
focused specifically on what is needed to run a successful help desk.
The goal of ITIL is to control the delivery of high‐quality services while ensuring that they
remain cost effective.
Benefits of ITIL:
Reduced Costs
Improved IT services
Higher customer satisfaction
Less wasted effort
Improved management of third-party services
IT Operations
IT operations management
The goal of operations management is to sustain the business needs of the organization’s
daily user.
Organization Chart
The client’s organizational chart indicates who is in charge at each level, who each person
reports to, and what the basic functions are for each job.
Segregation of Duties
Importance of strong IT operations
Functions in IT Operations
IT Asset Management
Every IT department maintains control over numerous capital assets, including data and
software licenses. Managing digital assets requires the use of an ISO 15489–compliant
records management system to ensure proper governance by identifying each dataset to
protect, specify acceptable handling, track usage, and monitor for usage violations.
All IT systems are to be maintained in a systems life cycle by using the concepts of the
System Development Life Cycle (SDLC) and Capability Maturity Model (CMM). Without
these governance control metrics, the systems will become highly vulnerable or fail to
achieve the desired ROI.
IT Policies
Executive management and IT management are responsible for developing and issuing
policies that support agreed‐upon information technology objectives.
IT Standards
Operating standards are developed from ISO standards, adapted by managers, and then
approved for use by executive management.
IT Procedures
Operating procedures are developed by staff workers with the assistance of their manager.
Operating procedures include the handling of software licenses, mobile device controls, and
escalation procedures for user‐reported trouble tickets.
To support the operating procedures, the IT department must have job descriptions that
reflect the current requirements and responsibilities for each position.
The costs, risks, and responsibilities associated with maintaining an effective corporate IT
function are significant. Many executives have therefore opted to outsource their IT
functions to third-party vendors.
The scope of needs is unknown. Therefore, we need the help of someone more
experienced who should know what to do.
The current staff is not generating the expected results.
Management decided it would be better to let someone else do it.
Reduce operating costs while delivering this well‐defined level of service.
Benefits of IT Outsourcing:
Failure to Perform
Vendor Exploitation
Outsourcing Costs exceed Benefits
Reduced Security
Loss of Strategic Advantage