Welcome » IT Booklets » Operations » Risk Mitigation and Control Implementation » Policies, Standards, and Procedures » Standards
Internally developed technology standards establish measurable controls and requirements to achieve policy objectives. Technology standards benefit an institution by defining and narrowing the scope of options and enabling greater focus by the supporting IT resources.
Standardization of hardware, software, and the operating environment offers a number of benefits and greatly facilitates the implementation and maintenance of "enterprise architecture." Standardization of hardware and software (including configurations and versions) simplifies the task of creating and maintaining an accurate survey and inventory of the technology environment. It can also improve IT operations performance, reduce IT cost (particularly in acquisition, development, training, and maintenance), allow the leveraging of resources, enhance reliability and predictability, contribute to improved interoperability and integration, reduce the time to market for projects that involve technology re-configuration, and alleviate complexity in technology risk management.
The degree to which an institution standardizes its hardware and software is a business decision. Management should weigh the benefits of standardization against the competing benefits offered by "best of breed" technology solutions. Management should also consider that certain applications will not function effectively on the "standard" platform, or that hardware will not function properly in a "standard" configuration. Institutions should adopt minimum technology standards to leverage purchasing power, ensure interoperability, provide for adequate information systems security, allow for timely recovery and restoration of critical systems, and ease the burden of maintenance and support.
Management should implement hardware, operating system, and application standardization through policies that address every platform from host to end user. A variety of automated systems and network management tools are available to monitor and enforce standards and promote version control in the mainframe, server, and desktop environments. Standardization is also enforced through the change management process and internal audits.