S 2.87 Installation and configuration of standard software

Initiation responsibility: Head of IT section

Implementation responsibility: Head of IT Section, Administrator

The approved software is installed on the IT systems intended for it in accordance with the installation instructions. In addition to the programs to be installed, the installation instructions also contain configuration parameters and the set-up of the hardware- and software environment.

Deviations from the installation instructions require the consent of the Approval Authority.

If the users are to install the software themselves, they must be provided with installation instructions which enable installation to be carried out independently. At the very least, pilot installation by a typical user should be overseen by the IT Department, in order to check the comprehensibility of the installation instructions.

As standard software is developed for a wide variety of application fields, it often contains more functions than are required to perform the specialist task. So that less problems and errors arise when working with the software, only the functions actually required should be installed. Functions which can lead to security problems must not be approved.

Both before and after the installation of software, a complete backup should be made. If there are subsequent problems during installation, the first backup can be used to recreate a consolidated re-run point. Following successful installation, a complete backup should be made again, so that if there are problems later, the situation, following the successful installation of the product, can be restored.

Successful installation is reported in writing to the office responsible for the acceptance of actual operation.

As an option, installation can be accompanied by the use of a so-called "delta tool" which documents all changes in an IT environment between two definable points in time. This documentation of changes is particularly helpful when it comes to the de-installation of software.

When a new product is used, any databases which were produced with a previous product must be taken over. If it has become apparent from the tests that difficulties may arise in this respect, help positions must be created for the user or acceptance of the old databases must be carried out centrally by trained personnel.

Additional controls:

• Which provisions are in force?

• What provisions exist with respect to possible deviations from the installation instructions?

• How is the success of an installation reviewed?