S 2.2 Resource management

Initiation responsibility: Agency/company management

Implementation responsibility: Head of IT Section, Head of organisation

Resources (or non-monetary resources) for IT applications refers to all the items needed such as hardware components (computers, keyboards, printers etc.), software (system software, individual programs, standard programs, and the like), consumables (paper, toner, printer cartridges) and data media (magnetic tapes, floppy disks, streamer tapes, hard disks, removable hard disks, CD ROMs etc.).

Resource management comprises the following tasks:

• procurement of resources;

• testing prior to use;

• identification marking and

• stock control.

Procurement of resources is particular important where information technology systems are in use. Systematic procurement procedures will, in particular, support the objectives that use of information technology is intended to achieve: improved performance, cost-effectiveness, better communication possibilities.

As well as cost-effectiveness considerations, systematic procurement procedures - which can also be implemented centrally - can also ensure that greater account is taken of new developments and improvements in the area of information technology.

Moreover, central procurement will ensure the introduction and observance of an "in-house standard", which simplifies staff training and maintenance activities.

If resources are systematically tested prior to use, various threats can be averted. Examples are:

• verifying the completeness of deliveries (e.g. manuals) in order to ensure the availability of all components to be delivered;

• checking of new PC software and of new pre-formatted data media with a computer virus detection program;

• test runs of new software on special test systems;

• checking that new hardware and software components are compatible with existing components.

Only with stock control of the resources used can consumption requirements be determined and reorders set in motion. Moreover, stock control makes it possible to carry out checks for completeness, to check the use of non-approved software and to detect any misappropriation of resources. This calls for clear marking of the most important resources with distinct identification features (e.g. grouped serial inventory numbers).

In addition, the serial numbers of existing devices such as monitors, printers, hard disks, etc. should be documented to enable identification after a theft.

For stock control purposes, inventories of resources must be drawn up. Such an inventory must be able to provide information on:

• identifying characteristics,

• procurement sources, availability,

• whereabouts of the resources,

• stocks held,

• regulations governing issue,

• maintenance contracts, maintenance intervals.

To prevent the misuse of data, the deletion or destruction of resources should be systematic. In particular, wastepaper must be handled in an ordered fashion. There should be suitable means available for the disposal of consumables that have higher protection requirements, e.g. a shredder for paper. All consumables from which information could be gleaned, e.g. reverse-image film or faulty printouts, should be destroyed before disposal or be disposed of by a reliable specialist company. The same applies to the exchange of information-bearing spare parts, e.g. photoelectric drums.

Additional controls:

• Does stock control permit checks for completeness?

• What testing procedures have been introduced before actual use? What results have been obtained?

• Are procurement procedures controlled, or is it possible to circumvent resource management at any stage of the procurement process?

• How up-to-date is the inventory?

• How are consumables that are no longer required disposed of?