Cost-Effective IT: Policies and Procedures

Cost-Effective IT: Tough Decisions, by Richard Sonnier

Houston Business Show "Advisor" Richard Sonnier, of the Information Technology Services firm Nimble Services, Inc., provides weekly information on our show about business technology issues. He can be reached at 281-445-4800 x250 or rsonnier@nimbleservices.com.

Last week, I reviewed some tough IT decisions. This week I will discuss IT policies and procedures.

Many policies and procedures are required to run a successful business. For IT, a business needs to address the following:
  • Information Systems Operations
  • Information Security
  • Software Licenses
  • Hardware and Software Support
  • Backups
  • Disaster Recovery
  • Audit
For public companies, the new Sarbanes-Oxley law has increased the amount of attention that management must give these policies and procedures. The law sets a higher standard for documentation and review of your information systems and other business processes. The key principle of the law is that standards must be followed and management must certify compliance with the standards. Fundamentally, a business needs to document its policies and procedures, and then ensure that the policies are being followed. Even if your business is not subject to the rigors of Sarbanes-Oxley, you should still cover these key IT areas with written documentation of your policies and procedures. This documentation should be reviewed and verified at least once a year.

For example, system backups are extremely important. Sometimes hardware fails or people make mistakes and vital information is lost. Backups allow you to recover the information. Yet surprisingly, many businesses either don't back up or have incomplete backups. Without backups, a routine failure could become a major emergency or even threaten the viability of the business. You should determine your backup policy and then implement a backup procedure to comply with it. Don't forget to test the backup system at least once a year by recovering some information. Many times backups appear to be working, and only during a recovery is it discovered that something is wrong or has been missed. Disaster recovery follows from good backups. At a minimum, you should send a full backup to an offsite location once a month.

Another important policy is information security. Your security policy should answer questions like:
  • Do you require passwords to access your business information?
  • How often do you change these passwords?
  • Do you protect the private information of your customers?
  • Do you limit access to your business information?
  • Do you audit failed passwords or access violations?
  • Do you protect against viruses and other IT vulnerabilities?
Generally, you should do all of the above.

Next week, I will review IT strategies for controlling cost.

©2005 Nimble Services Inc.