AQA Information and Communication Technology/ICT5/Policy and Strategy Issues

The use of ICT has exploded, it is no longer used by just experts, so an IT policy is required to manage IT resources in an effective and efficient way and to avoid fragmentation between departments of IT systems.

A single IT policy allows for an overall view and control of an organisation's IT setup. It is important to ensure that the policy reinforces the overall strategy of the organisation.

If each section is allowed to develop individually, without an overall IT policy, it would make it difficult to introduce systems such as Management Information Systems

It is important to acknowledge the different needs of users when creating an overall IT policy, however.


 * The graphics department may need a higher spec of machine to deal with image/video manipulation
 * The publishing department may prefer using Macs.
 * Operational users may need to interact with the system in a different way to the tactical/strategic users.

A good IT policy will deal with issues such as:


 * Access to information - who needs it?
 * How will internal communication work
 * How will data be captured?

In order to be successful in the long-term, the IT policy will need to be flexible to deal with new technology, new requirements, and changes to the organisational structure.

Centralised approach
A centralised system is one where the whole IT system in an organisation is ran by a specific area of the company, sometimes called Information Systems.

It has various advantages, such as:


 * Increased hardware and software compatibility
 * The ability to take advantage of economies of scale
 * Ease of transfer of data
 * Simpler maintenance
 * Easier training/reuse of skills due to consistent interface

Decentralised approach
In this approach, each department has its own strategy and allows for them to plan their IT system exactly to their needs. This has several disadvantages, such as a lack of coherence among the whole organisation, and the lack of expertise.

Upgrading systems
There are various reasons you may wish to upgrade a system. For example, you may have a legacy system that is no longer supported by the vendor and is difficult to maintain and is inefficient. However, even current software may need upgrading. It may not be meeting the needs of the organisation, or the organisation may wish to take advantage of features that may exist in newer versions of the software, or may just want to improve performance with faster hardware. Changes in the organisational structure, objectives, or just a "cutting-edge" business culture may result in upgrades.

Don't upgrade

 * This is not always the cheapest option, although involves the least initial capital.
 * Is upgrading really necessary?
 * Is our current system sufficient to our needs?
 * There's no training costs or change management required, and little risk
 * The only costs are maintenance costs

Upgrade the entire system

 * This involves a lot of capital expenditure
 * Has large technical and support implications
 * This may involve a totally new infrastructure set up
 * High risk

Partial upgrade

 * Only upgrade who needs it
 * Cheaper than all at once
 * May cause incompatibilities in the IT systems
 * Medium risk

Future proofing
Future proofing is impossible, and it is impossible to know with certainty what the future will hold. It is only possible to prepare for what could happen.

This generally involves purchasing software with a clear upgrade path, or developing software making it easy to expand in the future. Alternatively, this could be purchasing systems with a higher specification than the organisation actually needs in order to allow for future growth.

A method of future-proofing is leasing, where an organisation leases it's IT systems, and does not actually own it. Therefore, upgrading occurs as part of the lease.

Emulation
Emulation is where software is used to run software which is not designed to run on a particular system. For example, software written to run on a specific hardware platform can be emulated to run on another using emulation software. Of course, it is impossible for this to be anywhere near as efficient as running it on the original hardware, but does reduce the hardware costs of having to buy many bits of different hardware. Additionally, an emulator may not fully emulate all the areas of the hardware it is emulating, so the program may not work as intended.

Hardware emulation also exists, where a piece of hardware emulates another piece to provide compatibility with systems designed to use that hardware.

Backup Strategies
This should be part of the corporate IS security policy, as backups are often a weakpoint in security of IS.

A backup strategy should ask these 3 basic questions:


 * How often? (the frequency)
 * What? (areas to backup)
 * Where? (storage of backup)

When deciding on an appropriate backup strategy, we must consider:


 * Value of data
 * Quantity of data
 * Frequency of data change
 * Resources available

Backup media
A range of backup media is available, from the old fashioned, but still popular, magnetic tape, Zip drives, or more recently, recordable DVDs and USB flash drives.

Other methods of backup could be online, including RAID (a redundant array of independent disks) which makes backups of data constantly.

Backup strategies

 * Full backups
 * All data is backed up
 * For large amounts of data, this takes a long time and requires a lot of space
 * Partial backups
 * Only part of the data is backed up at a time. For example, one night might backup the Payroll database, and on the next night, the e-mails are backed up
 * Makes large data sources more manageable
 * Incremental backups
 * Full backups are made occasionally
 * Incremental backups only back up what's different from the last full backup
 * Batch process
 * Similar to incremental backups, but used for databases
 * Grandfather-Father-Son Backup
 * Most popular method of backing up
 * A copy of the masterfile and transaction is made at the grandfather level
 * At the father level, a copy of the transaction file and the masterfile as a result of the grandfather master file and transaction file is made.
 * At the son level, a copy of the transaction file and the masterfile as a result of the father master file and transaction file is made.