KENYA FORESTRY RESEARCH INSTITUTE (KEFRI) ICT PROCEDURE KEFRI/SOP/MR/010

Transcription

1 KENYA FORESTRY RESEARCH INSTITUTE (KEFRI) ICT PROCEDURE KEFRI/SOP/MR/010

2 KENYA FORESTRY RESEARCH INSTITUTE TITLE: ICT PROCEDURES MANUAL KEFRI/SOP/MR/003 ISSUE DATE: REFERENCE: TABLE OF CONTENT Information Communication Technology Management... 3 VERSION A REVISION 0 Page 2 of 8

3 KENYA FORESTRY RESEARCH INSTITUTE TITLE: ICT PROCEDURES MANUAL REFERENCE: KEFRI/SOP/MR/003 ISSUE DATE: Information Communication Technology Management 1.0 GENERAL 1.1 PURPOSE The purpose of this procedure is to ensure effective and efficient management of ICT in KEFRI. 1.2 SCOPE This procedure shall be applicable to management of ICT within KEFRI. 1.3 REFERENCE a) KEFRI strategic Plan b) Prevailing Performance Contract ( c) Vision 2030 Medium Term Plan II ( ) d) ICT Standards And Guidelines Ver. 0.1 (March 2011) e) ICT Master Plan Taskforce Report (March 2014) f) Information Systems Audit and Control Association (ISACA). (2008). Glossary of terms, TERMS, DEFINITIONS AND ACRONYMS a) KEFRI- Kenya Forestry Research Institute b) OEM- Original Equipment Manufacturer c) ICT- Information Communication Technology d) IT- Information Technology e) HICT Head of ICT f) Help Desk-A central call center for staff seeking ICT related support g) Ticket- A mechanism used to track detection, reporting and resolution of some type of a problem.

4 1.5 PRINCIPAL RESPONSIBILITY The DD TSS shall be responsible for ensuring that this procedure is effectively implemented 2.0 STEPS 2.1 General The following main steps shall constitute ICT management a) Systems Development & Management b) End-User/Client Support services c) Management of ICT Infrastructure d) Service and Repair of ICT equipment e) IT Security f) Disaster Planning DD TSS in liaison with HICT shall direct the various divisions, thematic areas and sections to submit their systems requirements 2 months before the end of a financial year Upon receipt, the HICT shall compile the requirements into a proposal, and incorporate them into the ICT division budget Upon approval of the budget, the HICT shall ensure preparation of the divisions procurement plan Based on the approved budget and procurement plan, the HICT shall ensure the ICT staff prepares work plans for implementation in course of the year In executing the work plans the following sub steps shall be followed for each of the main steps

5 KENYA FORESTRY RESEARCH INSTITUTE TITLE: ICT PROCEDURES MANUAL REFERENCE: KEFRI/SOP/MR/003 ISSUE DATE: 2.2 Systems Development & Management For systems to be procured / developed externally, the HICT shall ensure adherence to the procurement procedure For Systems to be developed internally, the HICT shall constitute technical teams For each of the system, the technical team shall; a) Develop a TOR in consultation with the user department b) Establish minimum (hardware or software) requirements The HICT shall in liaison with the respective team leader ensure development of the system through the System Development Life Cycle (Planning, Analysis, Design and Implementation) of the system Upon development of the system, the HICT shall ensure implementation of the system from piloting to go-live For systems to be managed externally, the HICT shall ensure supervision of outsourced service provider as per the applicable SLA For systems managed internally, the HICT shall ensure the respective officers attend to emerging issues of the system as need be. 2.3 End-User/Client Support Services The Help Desk Analyst shall receive a request from end user as per communication procedure Upon receipt, the Help Desk Analyst shall create a ticket for the request After creation of the ticket the Help Desk Analyst shall determine whether the request can be resolved off site and if it can be resolved renders the solution and update the user support register If the problem requires onsite support the Help Desk Analyst shall call in at site and undertake diagnosis After diagnosis the Help Desk Analyst shall determine whether the problem can be resolved there on site and if it can be resolved renders the solution and update the user support register If the problem requires, escalation, the Help Desk Analyst shall escalate the ticket to the Help Desk Supervisor or an advanced-level

6 support team member and notify the requestor when an issue has been escalated The Help Desk Supervisor or advanced-level support team member will determine if a resolution can be reached, or whether the problem needs to be further escalated If the problem can be resolved without further escalation, the Help Desk Supervisor will assign the ticket to a member of their team, noting the assignment (change of ownership) in the ticket The Assignee will update the customer according to the responsetime commitment grid until resolution can be achieved, resolve the matter and update the support register Where the problem requires external expertise, the HICT shall ensure adherence to the control of outsourced services procedure 2.4 Repair & Maintenance of ICT equipment The HICT at the beginning of every financial year shall ensure engagement of required service providers in repair and Maintenance of ICT equipment as per the control of outsourced services procedure Preventive maintenance shall be carried out by outsourced service providers as per the control of outsourced procedure In addition to the control of outsourced services procedure, the maintenance shall be carried out considering OEM recommendations, requirements of applicable codes and legislation within a jurisdiction The ICT equipment covered in preventive maintenance include computers, laptops, printers, scanners, Uninterruptible Power Supplies (UPS) and stand-alone servers The HICT shall through respective team members perform quarterly maintenance exercises in all regional research programs in accordance with best practices and OEM recommendations Service Summary Reports from the preventive maintenance exercises shall be reviewed by HICT immediately after the exercise and recommendations implemented. 2.5 IT Security The HICT shall ensure IT Security plans for KEFRI are developed and implemented The HICT shall ensure the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction of data regardless of the form the data may take (electronic, physical, etc.) by use of passwords, access list and Unified threat management appliances.

7 This will include a review of the current threats and evolving technologies The HICT shall coordinate Incident Response Planning and shall ensure incident response plans are created and executed The HICT shall select team members, define roles, responsibilities and lines of authority; define a security incident; define a reportable incident; train team members; manage the Incident Response life cycle as they occur i.e. Detection, Classification, Escalation, Containment, Eradication and Documentation The HICT shall implement Change management procedures for system-wide activities i.e. system upgrades for database, and Unified Communication servers The HICT shall constitute a Change Review Committee composed of representatives from areas to be affected [during a change management procedure], IT security, networking, systems administrators, Database administration, applications development, desktop support and the Help Desk The Change Review Committee shall review, approve [and allocate resources] or deny [and give reasons to] a change request The change review committee shall plan for the change request, assist in the scheduling of changes by reviewing the proposed implementation date for potential conflicts with other scheduled changes or critical business activities and communicate as per communication procedure The change review committee shall implement the change request. If the implementation of the change should fail or, the post implementation testing fails or, other "drop dead" criteria have been met, the back out plan should be implemented The change review committee shall document the change request results. The documentation includes the initial request for change, its approval, the priority assigned to it, the implementation, testing and back out plans, the results of the change review Committee critique, the date/time the change was implemented, who implemented it, and whether the change was implemented successfully, failed or postponed The change review committee shall hold a post implementation review of changes to understand the problems that were encountered, and look for areas for improvement. 2.6 Management of ICT Infrastructure The HICT shall through the respective teams ensure effective management of the ICT infrastructure.

8 ICT infrastructure refers to Area Networks (Local and Wide), Unified Communication systems, servers, cabling and active network equipment The HICT through respective teams shall plan, design, test, deploy and monitor operations of the ICT infrastructure The Network Administrator shall perform Semi-Annual Preventive Maintenance Visits to all Research programs in accordance to best practices and OEM recommendations Service Summary Report from the preventive maintenance exercises shall be reviewed by HICT within a week after the exercise and recommendations implemented Disaster Planning and Recovery The HICT shall ensure Disaster Planning and recovery for the institute is carried out Disaster Planning includes Risk Management and [offsite] data backup The ICT equipment covered in disaster planning include Unified computing Systems, servers, active network equipment and stand-alone servers The HICT shall Define IT risk analysis scope The HICT shall Estimate IT risk The HICT shall Identify risk response options The HICT shall Accept IT risk The HICT shall respond to discovered risk exposure and opportunity The HICT shall encourage effective communication of IT risk The HICT shall perform a peer review of IT risk analysis. 3.0 Applicable Records a) Job Cards b) Support Tickets c) Requirement proposals d) ICT work plan e) Systems TOR f) Minimum hardware and software requirements g) Change requests h) Divisions work plan i) Disaster planning and recovery records j) Semi-annual preventive maintenance k) Service summary reports l) Response-time commitment grids

9 m) Divisions procurement plan The Executive Committee having approved the use of this document, I....as the Director do hereby authorize its use. Signed: Date. VERSION A REVISION 0 Page 8 of 8