FDA STAFF MANUAL GUIDES, VOLUME III - GENERAL ADMINISTRATION
INFORMATION RESOURCES MANAGEMENT
INFORMATION TECHNOLOGY MANAGEMENT
PERSONAL COMPUTER REFRESH POLICY
Effective Date: 07/09/2007
|5. Effective Date|
|6. Document History|
The purpose of this document is to define parameters of personal computer (PC) refresh for the Food and Drug Administration (FDA) staff and on-site contractors (“contractor”.) This policy will ensure that the FDA is appropriately managing personal computing resources. The policy also outlines the responsibilities of key personnel in support of such requirements.
Prior to the inception of the Office of Information Technology Shared Services (OITSS) in October 2003, the FDA Centers were responsible for managing most aspects of information technology support services, including the provisioning of personal computers. Since the stand up of OITSS, and the subsequent standardization and consolidation of many of the IT support services, it has become apparent that the provisioning of personal computers can also be more efficiently and cost effectively accomplished through standardization and consolidation. Thus the necessity and opportunity to create a single PC refresh policy has emerged.
It is the policy of FDA to ensure that each employee and on-site contractor have the appropriate tools to do their jobs in order to assure the success of the FDA’s mission. With regard to personal computing devices, the FDA will accomplish this by complying with the following guidance and procedures:
1. Each FDA employee and contractor (as determined necessary by the Project Officer) will be assigned only one personal computing device, a standard portable laptop computer, which meets current technical specifications.
- A standard laptop configuration shall include laptop, port replicator, keyboard and mouse.
- Instructions for purchasing additional peripherals, including monitors, port replicators, full docking stations, keyboards and mice will be available on the ERIC/OITSS procurement web page.
2. Each standard laptop will be replaced once every three years. OITSS will notify users when their computer is due to be replaced and schedule the installation.
3. When a new personal computer (laptop) is delivered to an end customer, the old machine will be removed and the ownership of the old unit transferred to OITSS if the unit is not already the property of OITSS. This transfer will be initiated by the Center Accountable Property Officer (APO) within 10 business days after the pickup.
- If the customer is in possession of units for use in multiple locations, i.e. FDA office and home or travel locations, all old units will be turned in to OITSS at the time of delivery of the new unit.
- After removal, OITSS will degauss (remove all data from) the old equipment and surplus it following appropriate FDA surplus/disposal policies and procedures.
4. If a customer misses a scheduled installation appointment without providing one business day cancellation notice, their installation will be rescheduled at the convenience of the installation team. Installations are generally scheduled to take advantage of geographical proximity, and the rescheduling of a missed appointment will coincide with the next group of installations in the geographical area in which the customer is located.
5. OITSS will prohibit network access to unapproved devices. For example, if a customer who receives a new laptop does not turn in a unit used from another location, and Office of the Chief Information Officer (OCIO) exception has not been granted, the second unit will be removed from the network immediately when discovered.
6. Exceptions to this policy must be submitted in writing to the Technical Advisory Group (TAG) within OCIO via the non-standard hardware/software request process and will be considered on a case by case basis. Exceptions will be rarely granted, and the request must clearly explain the need and rationale.
7. A process for both funding the refresh, and accountable property management, will be established by the FDA Customer Council.
A. Chief Information Officer (CIO). The CIO has the overall responsibility for management of the Agency IT program, including the management of personal computing devices. The CIO is responsible for ensuring that a comprehensive and effective set of PC refresh policies and procedures are developed and enforced.
B. Office of Information Technology Shared Services (OITSS). The OITSS is responsible for the secure implementation, operations and maintenance of approved personal computing technologies in use within FDA. OITSS is responsible to provide technical guidance and support, including support on personal computing issues, to FDA PC users. OITSS is also responsible for following appropriate FDA surplus/disposal policies and procedures.
C. Center Accountable Property Officers (APO). Each Center Accountable Property Official is responsible for ensuring that replacement personal computing property is transferred to OITSS via accepted FDA Property Management policies and procedures in a timely manner.
D. Supervisors. Supervisors are responsible for ensuring that their employees are aware of all the policies and requirements of the IT resources they use. In particular, supervisors will ensure that employees are aware of required and prohibited activities relating to the operation and use of personal computing systems. Supervisors will also ensure that employees are aware of the potential for severe negative consequences, which could result from failure to follow established policies and procedures.
E. Users. Customers who use personal computing systems are responsible for compliance with all policies and procedures pertaining to the systems they use and are accountable for all activity performed under their User ID/password. Users are required to act ethically, and accept responsibility for safeguarding information resources under their control, whether that control is official or de facto. They must stay abreast of and comply with pertinent policies and issues.
F. Technical Advisory Group (TAG). The TAG reviews the technical impact of each standard change across the entire agency as well as reviewing requests for new IT Standards and Products and changes to the existing IT Standards and Products. Also assists the Chief Technical Officer (CTO) and CIO in making decisions and providing recommendations regarding technical standards.
The effective date of this policy is July 9, 2007.
|STATUS (I, R, C)||DATE APPROVED||LOCATION OF CHANGE HISTORY||CONTACT||APPROVING OFFICIAL|
|Initial||07/09/2007||N/a||Office of the Chief Information Officer (HFA-80)||Timothy Stitely, Chief Information Officer, FDA|