Key Policy Areas
The following general areas are those on which competent service providers have focused the bulk of their policy making and enforcement efforts:
- Process Standardization. As described in the previous section, key processes must be standardized and compliance to those standards must be enforced. Automation can leverage policy to mitigate the process risks inherent in any environment
- Hardware Standardization. By reducing the variability among makes and models in a production environment, administrators can develop deeper, more effective expertise. This policy allows a uniformly high-quality service to be delivered, regardless of the application functionality running on the hardware.
- Software Standardization. Consistent, approved configurations for ubiquitous technology components such as operating systems, databases, and application servers help ensure quality and reliability. The sidebar Defining & Enforcing Technology Policies describes the benefits enjoyed by an organization that used automation to manage compliance with important software standards.
- Security Compliance. Security policy compliance must be aggressively enforced, including patch management procedures, secure build standards, automated versus manual change implementation, and access controls.
- Best Practice Sharing. By encouraging the distribution of best practices - in the form of documentation, automation scripts, or even work habits - policies for knowledge sharing can help individual experts significantly improve the efficiency of the entire team.
- Vendor Governance. Efficiency and quality can improve when suppliers are held to standards for inventory management, sparing strategies, maintenance processes, and billing procedures.
The New Business of IT, OPSware Whitepaper available at Bitpipe