This can sound like a dry subject, but it’s really important – and it concerns all of us!
Many will know from experience or from reports in the news how transformative IT can be when it hits the right spot, but also how IT projects and services can go wrong. Across the University, if you add up all the people costs, software licences, IT equipment (servers, PCs, printers, network, gadgets), support contracts etc. – we spend at least £4m per annum on IT one way or another. In this new strategy, we are putting a stronger emphasis on Governance. Put simply, we need to make sure that we get the best value out of that annual £4m, that this spend supports the strategic aims of the University, and that we successfully manage risks and security in an ever more complex world.
Adopting the “ITIL” standard (IT Infrastructure Library) will be a key foundation of this. ITIL is a widely adopted approach to IT Service Management, used across the world in the public and private sectors, as a tool for successfully identifying, planning, delivering and supporting IT Services to meet the aims of the organisation. It’s not just a tool for IT Services; it’s a broad framework that will allow us to drive continuous improvement and make effective decisions for the University.
We will pay particular attention to the proper authorisation routes for commissioning new IT developments. Many IT services are available externally – sometimes at low cost or “free”. But they can all carry risks, none are truly “free”, and they all need to be stitched together so that our staff and students have a coherent IT experience and we don’t accidentally duplicate anything. Sometimes, it is as important to say “no” as it is to say “yes”!
We also want to constantly remember the business case for each development so that we keep at the forefront the overall University objectives and make sure we know that these have been met.
In relation to IT – the management of risks has never been more important. It is anything but a box-ticking exercise – we face real and constantly evolving threats on a daily basis to our existing infrastructure, and there are always potentially significant risks to consider when embarking on new IT developments. There are risks that our systems may fail. There are risks that may prevent IT developments from achieving their objectives. And there are wider risks that can be exacerbated by weaknesses in IT controls. As I write this, I see that a hospital trust has been fined £325,000 after confidential patient records were stolen from old computer drives that were not properly disposed of. IT Security rules and procedures can feel like a pain, but when something goes wrong we realise their importance, so let’s not learn the hard way.