Files changed (1)
- What level of service is expected to be provided for end user support? In other words, what is the typical turnaround for an administrative request (e.g. new e-mail alias, additional storage quota, application installation)?
- Are there any other unique or interesting aspects to Customer Service that were not captured in the previous questions?
- Are personally-owned PCs or handheld devices allowed on premesis, allowed to use the infrastructure, or permitted for use in any official capacity?
- How is desktop hardware maintained? Is there a site-wide hardware maintenance plan, or handled at a departmental level?
- Are there any other unique or interesting aspects to End User Infrastructure that were not captured in the previous questions?
- What server OS are employed? What is the IT department's preferred platform (primary expertise), if any?
- How would you describe the overall capacity of the server infrastructure? What aspects are under-performing? What aspects have excess capacity?
- How is server hardware maintained? What is the maintenance plan? How are budgets allocated for maintenance and upgrades?
- Are there any other unique or interesting aspects to Server Infrastructure that were not captured in the previous questions?
- What are the bandwidth and throughput limits on the Internet connection? Are these physical limits or artificial (i.e. you could pay for more)?
- What are the consequences of Internet downtime? Who complains (internal and external)? Which staff members (if any) are disabled without Internet?
- Is a backup connection in place? Is it configured for automatic or manual failover? What services failover and which depend on the primary connectivity?
- Do you have an employee acceptable use policy? How frequently are employees required or encouraged to review the policy?
- How is configuration management maintained? How are deviations from a baseline configuration documented?
- Are automated logging and auditing tools employed to enforce policies? If so, which tools and how are they employed?
- Are there areas where policies and procedures are inadequate or where an inordinate amount of manual intervention is required to maintain the policies?
- What tools are used for centralized management (directory services, group policies, automatic updates)?
- Do you have any desktop virtualization infrastructure (VDI) plans? If so, what is the status of the effort?
- Is a formal disaster recovery plan in place? How is it updated? Are plans in place for in place for loss of critical resources (data, hardware, administrators)?
- Are there any other unique or interesting aspects to Centralized Management that were not captured in the previous questions?
- Do you have a security awareness program for employees? How frequent is the information refreshed? How frequently are employees required or encouraged to review the information?
- What connectivity controls (firewalls) are used throughout the organization? How are policies defined, refined?
- Has any formal penetration testing been performed on the information systems? If so, when and were all identified vulnerabilities corrected?
- How are access controls used to restrict access to sensitive resources (Active Directory roles, groups, machines)?
- Is data encryption employed (optional or compulsory)? How are keys managed? What is the recovery policy?
- Do you have a formal intrusion detection system (other than basic logging) for monitoring networks and alerting to anomalies?
- Are there any other unique or interesting aspects to Information Security that were not captured in the previous questions?
- Are external hosting providers used for any applications? If so, who provides the hosting and what are the applications?
- To what extent is cloud computing employed (i.e. Google docs, Amazon S3 storage, virtualized hosting)?
- What systems are employed for payroll, timekeeping, asset tracking and property management, logistics, and enterprise financials?
- What other databases exist at the facility (relational databases, object databases, custom data structures other than file systems)?
- What e-commerce mechanisms are utilized? Is this capability standardized or implemented at the departmental level?
- Does e-commerce customer data flow through the 4-H network or is it stored on 4-H servers? In other words, how is sensitive customer data (credit cards, personal identity info) integrated into the 4-H application services?
- Is a commercial Customer Resource Management (CRM) in use? Are there other CRM techniques employed?
- Are there any other unique or interesting aspects to Enterprise Application Services that were not captured in the previous questions?
- What is "hospitality software (Delphi, Visual One)", and how is it supported through IT, if at all (referenced in CNA)?