FDA STAFF MANUAL GUIDES, VOLUME III - GENERAL ADMINISTRATION
INFORMATION RESOURCES MANAGEMENT
INFORMATION TECHNOLOGY MANAGEMENT
INFORMATION TECHNOLOGY ASSET MANAGEMENT POLICY
Effective Date: 12/11/2006
This Staff Manual Guide (SMG) establishes Agency Information Technology (IT) governance policy to manage FDA’s IT assets. FDA’s IT asset management function manages IT resources in such a way that FDA knows what IT assets it owns, where they are physically and logically located, who uses them, what services they support, what it costs to purchase, use, and retire them, under what contracts they were purchased and are maintained, when they are scheduled to be retired, and all other information that allows FDA to effectively manage its IT assets.
FDA’s IT asset management project provides a sound basis for IT incident management, problem management, change management, release management and capacity management.
This policy is issued to government and contractor staff supporting the Agency in terms of IT asset management.
The Clinger-Cohen Act of 1996 was passed to compel Federal organizations to be fully accountable for economic and efficient management of IT and directed agencies to establish a Chief Information Officer (CIO) position specifically for that purpose.
To be in compliance with the Act, the Agency requires that investments in IT be managed in such a way that the IT assets associated with them are tracked in terms of cost, use and location from the time they are ordered to the time they are retired. The basic activities of IT asset management are as follows:
- Plan – Plan and define the purpose, scope, objectives, policies and procedures, and the organizational and technical context, for IT asset management.
- Identify – Select and identify the structure for all the infrastructure configuration items (CIs), including their owner, their interrelationships and configuration documentation. It includes allocating identifiers and version numbers for CIs, labeling the items, and entering them in the IT asset management database.
- Control – Ensuring that only authorized and identifiable CIs are accepted and recorded, from receipt to disposal. It ensures that no CI is added, modified, replaced or removed without appropriate controlling documentation, e.g. an approved Change request, and an updated specification.
- Account – The reporting of all current and historical data concerned with each CI throughout its life cycle. This enables changes to CIs and their records to be traceable, e.g. tracking the status of a CI as it changes from one state to another: for instance, ‘under development’, ‘being tested’, ‘live’, or ‘withdrawn’.
- Verify and audit – A series of reviews and audits that verify the physical existence of CIs and check that they are correctly recorded in the IT asset management system.
IT asset management provides the basis for a number of key functions of IT management:
- Incident management – The IT asset management database is used by Help Desk and troubleshooting personnel to confirm the IT assets associated with incidents, to research previous incidents on the same IT assets and similar incidents on other IT assets, and to identify other IT assets that may be affected by the same incident.
- Problem management – The IT asset management database is used by problem management personnel to help identify and correct root causes of incidents over time.
- Change management – The IT asset management database is kept up to date through the change management process. In turn, the IT asset management database can be used to determine what IT assets should be changed, based on their age, performance, and incident history.
- Release management – The IT asset management database is used to determine what IT assets should be replaced, upgraded or retired when a new release is implemented.
- Capacity management – The IT asset management database serves as the primary input for capacity modeling. In turn, capacity management identifies IT assets that may be causing performance problems in the present, and predicts the IT assets that will be needed to handle expected workload in the future.
IT asset management is the process of identifying and defining IT assets in a system, recording and reporting the status of IT assets and requests for change, verifying the completeness and correctness of the IT asset management database, and tracking the relationships between IT assets, services provided through use of the IT assets, and the cost of the IT assets and the services provided through their use. This definition, as well as those associated with the basic activities of IT asset management and the key IT functions supported by IT asset management, are from the Information Technology Infrastructure Library (ITIL) framework. The definitions of other terms and phrases used herein are provided in the FDA Master IT Glossary located on the OCIO Intranet website.
FDA’s IT asset management effort covers the following aspects of FDA’s IT infrastructure that handles data, voice, and video:
- Servers – The FDA-owned or controlled server hardware and middleware, and their major components
- Networks – The FDA-owned or controlled servers, routers, switches and cables and their major components
- Storage devices – The FDA-owned or controlled storage units, such as Storage Area Networks (SANs), and their major components
- Software – The FDA-owned or controlled software, particularly commercial off-the-shelf software, and its major components
- Desktops – The FDA-owned or controlled personal computers, workstations, and laptop computers, both within and outside of FDA spaces
- Hardware environment – The space, power, and air conditioning needs of IT hardware within FDA spaces
It does not include the following:
- Personnel – People are not tracked under IT asset management; they are managed by the FDA personnel management system
- Personnel environment – The environment in which people, rather than IT assets, reside is not tracked under IT asset management; it is managed by the FDA facilities organization
- Lost Equipment – SMG 26205 should be used as guidance for the reporting and accounting of lost equipment at the FDA. This function is managed by the FDA real property organization.
It is the policy of the FDA to manage its IT assets so that:
- The physical and logical locations and relationships, the disposition, the maintenance status, and the history of all of FDA’s IT assets are known at all times
- The type and amount of use of all of FDA’s IT assets in terms of personnel as well as IT services are known at all times
- The cost of purchase, maintenance, and retirement of each IT asset, the contracts under which it was purchased, is maintained, and will be retired, and the sources of funding for all related expenses are known at all times.
- FDA’s IT asset management-related service levels are on par with or better than industry standards
- FDA’s IT assets are sufficient to deliver the services they support
- Economies of scale in terms of IT asset purchases and use are taken advantage of where possible to save money
- New technologies are integrated effectively into the IT infrastructure when appropriate
- The IT asset management database contains the information necessary to maintain robust incident management, problem management, change management, release management, and capacity management projects
The responsibilities for all roles and governance bodies are the following:
- Oversees the functions of OITSS and other aspects of FDA’s IT organization that report directly to the CIO
- Signs off on IT asset management policy, processes, procedures and expenditures
- Assures that the efforts of OITSS are well-coordinated at a high level with other aspects of FDA IT
- Serves as the supervisor of the Director, OITSS
- Oversees the work of the IT asset management project as a member of the IT Infrastructure Transformation (ITX) program steering committee
- Oversees the Agency’s IT asset management efforts and other functions of OITSS
- Assures that the Agency’s IT asset management efforts are well-coordinated at a high level with the other functions of OITSS
- Serves as the supervisor of the Division Chief responsible for IT asset management
- Oversees the work of the IT asset management project as a member of the ITX steering committee
ITX Program Manager.
- Oversees the IT asset management project as part of the ITX program and a member of the ITX steering committee
ITX Steering Committee.
- Oversees the IT asset management project as part of the ITX program
- Approves, denies, or requests further information on recommendations from the IT asset management project manager on how the project should proceed and how funds should be spent to support IT asset management
IT Asset Management Project Manager.
- Creates the Agency’s IT asset management policy, processes, and procedures, keeps them up to date, and reports to the ITX Steering Committee on their status and how well they are being carried out
- Recommends to the ITX Steering Committee changes to the Agency’s IT asset management policy, processes, and procedures
- Informs the ITX steering committee of the current and projected status of FDA’s IT asset management project
- Prepares recommendations for the ITX steering committee on how funds should be spent to augment the IT asset management capability to be prepared for the future
- Communicates with the IT asset management staff and the OITSS Division Chief responsible for IT asset management on operational IT asset management work.
OITSS Division Chief Responsible for IT Asset Management.
- Supervises the personnel who perform IT asset management duties
- Keeps the Director, OITSS and the IT asset management project manager aware of operational issues related to IT asset management
IT Asset Management Staff.
- Follow the IT asset management policy, processes and procedures
- Perform IT asset management work
- Report the results of the IT asset management work to their OITSS Division Chief and the IT asset management project manager
Directors of Organizations Reporting Directly to the CIO.
- Assure that the IT asset management policy, processes and procedures are being followed within their organizations
- Assure that the efforts of OITSS and the ITX program, including IT asset management, are well-coordinated within their areas of responsibility
This policy is in effect until declared void by the FDA CIO or superseded by subsequent policy approved by the FDA CIO.
The effective date of this guide is December 11, 2006.
Document History -- SMG 3210.4, Information Technology Asset Management Policy
| STATUS (I, R, C) | DATE APPROVED | LOCATION OF CHANGE HISTORY | CONTACT | APPROVING OFFICIAL |
| --- | --- | --- | --- | --- |
| Initial | 12/11/2006 | N/A | Strategic IT Programs, OCIO, HFA-82 | Kathleen Heuer, FDA, Chief Information Officer (Acting) |