IT Best Practices?

[RedWolf]

Hi Guys...

It's the time of year at work where we're doing our annual performance reports. Besides the usual work related objectives we have to come up with three "Best Practices" - I guess preferabbly as applicable to an IT environment.

Essentially we need to identify a couple slick, useful processes used in other companies that might be useful in our environment. These can be simple things - just general processes.

Any ideas would be appreciated guys - I know a lot of you work in IT. I've completed all of my REAL objectives... it's just these BS brainstorming sessions that I'm lousy at.

 

[CruddyLeper]

1) Always assess and limit access needs to any computer system for its users. Flexibility and security should both be addressed.

2) Always have some sort of internal Usage Agreement so anyone who flagrantly abuses the system can be disciplined. If you're smart, make sure EVERYBODY who uses the system agrees to it.

3) Treat the data produced by the business as a tangible asset, and protect it accordingly. More than one business has folded because a company lost data on deals already done.

4) With the above in mind, try and make all systems paperless. This is an endless bugbear, but if IT system's don't at least reduce reliance on paper records then what is the point of them?

 

[RedWolf]

1) Always assess and limit access needs to any computer system for its users. Flexibility and security should both be addressed.

2) Always have some sort of internal Usage Agreement so anyone who flagrantly abuses the system can be disciplined. If you're smart, make sure EVERYBODY who uses the system agrees to it.

3) Treat the data produced by the business as a tangible asset, and protect it accordingly. More than one business has folded because a company lost data on deals already done.

4) With the above in mind, try and make all systems paperless. This is an endless bugbear, but if IT system's don't at least reduce reliance on paper records then what is the point of them?

Those are all great ideas but I'd say in general we're already addressing all of those issues. That's why this task is so ridiculous...

I'd say it's a testement to our managers that despite the chaos we really are following a good number of these industry best practices. But doesn't help me think of anything for this stupid performance review.

 

[JoeM]

General Rule no.1

If you can't explain what you are asking for...you can't have it.

 

[IglooDame]

IT best practice, like running specific service accounts instead of having services run under Administrator, and having both admin and user accounts for all administrator types (the admin account being jsmith! and the user account being just jsmith)?

And, keeping an offsite, updated copy of all documentation particularly account numbers, points of contact, and phone numbers for all circuits and major software?

And, periodically reviewing firewalls, servers, and PBXs for logins/holes/apps/etc that are no longer needed?

 

[Speedo]

If you can't explain what you are asking for...you can't have it.

You mean like when you're installing a $1000 piece of software on someone's comp and get the question "so what does this program do....?"?

 

[RedWolf]

Thanks guys.. Although I have to admit that we generally already do all of those things in one way or another.

Anythign else you can think of? They can be even more general - for example we've recently implemented "office hours" whereby users can only wander into the IT office at certain posted times of day.. so that we aren't constantly being hassled by peoplefor things. We took this "best practice" from another service oriented department and applied it to our environment.