Implementation responsibility: Head of IT Section, Head of organisation
Prior to the introduction of standard software, a number of responsibilities must be determined, such as for the drawing up of a requirement catalogue, the pre-selection of products, testing and approval, and the installation.
Below is a proposal of how these responsibilities may be sensibly allocated. As titles vary from organisation to organisation, some functions are described according to their tasks:
The specialist department is the user of the standard software. This department states its need for new software and thus initiates procurement. It is involved in the pre-selection and testing stages in order to include the requirements of the user.
The agency/company management is responsible for the approval of the standard software. This responsibility is mostly delegated to the Head of the Specialist Department. After approval of the software, responsibility for correct usage of the standard software is transferred to the specialist department.
The IT area has the task of providing IT solutions to fulfil the tasks of the specialist department and of guaranteeing correct and reliable operation of the IT.
The procurer must ensure the interoperability and compatibility of the standard software and the adherence to internal standards and legal stipulations. There are often IT Co-ordinators in the individual departments who assume the tasks of the procurer and co-ordinate the budgetary funds of the departments.
The budget is responsible for accounting, the IT budget management and for the provision of the necessary budgetary funds.
The IT Security Officer must check whether an appropriate security level can be guaranteed with the products used or to be purchased. As part of the IT Security Management (c.f. Chapter 1), he must ensure IT securing during current operation.
The Data Privacy Officer must ensure adherence to the provisions relating to data protection and adequate protection of person-related data.
The staff or work council must in most cases be involved in the selection of new standard software, particularly if this means considerable changes to work processes or if the software is suitable for performance monitoring (see S 2.40 TimelyInvolvement of the Staff / Factory Council).
Throughout the entire process concerning "standard software", it must be determined for each step which of the above are implementation responsibility and which have to be involved. A sensible proposal for distributing responsibilities is summarised in the following table::
The allocation of these responsibilities should be set down in writing and it should be checked on a regular basis that the relevant procedures are correctly adhered to.
Additional controls:
Which provisions are in force?
Are all employees aware of existing regulations and the monitoring of these regulations?
Are all relevant bodies (e.g. staff council, budget department, Data Privacy Officer) involved to the appropriate extent?