IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.79 Determining responsibilities in the area of
standard software
Initiation responsibility: Agency/company management
Implementation responsibility: Head of IT Section, Head of organisation
Prior to the introduction of standard software, a number of responsibilities
must be determined, such as for the drawing up of a requirement catalogue,
the pre-selection of products, testing and approval, and the installation.
Below is a proposal of how these responsibilities may be sensibly allocated.
As titles vary from organisation to organisation, some functions are described
according to their tasks:
- The specialist department is the user of the standard software. This
department states its need for new software and thus initiates
procurement. It is involved in the pre-selection and testing stages in
order to include the requirements of the user.
- The agency/company management is responsible for the approval of
the standard software. This responsibility is mostly delegated to the
Head of the Specialist Department. After approval of the software,
responsibility for correct usage of the standard software is transferred
to the specialist department.
- The IT area has the task of providing IT solutions to fulfil the tasks of
the specialist department and of guaranteeing correct and reliable
operation of the IT.
- The procurer must ensure the interoperability and compatibility of
the standard software and the adherence to internal standards and legal
stipulations. There are often IT Co-ordinators in the individual
departments who assume the tasks of the procurer and co-ordinate the
budgetary funds of the departments.
- The budget is responsible for accounting, the IT budget management
and for the provision of the necessary budgetary funds.
- The IT Security Officer must check whether an appropriate security
level can be guaranteed with the products used or to be purchased. As
part of the IT Security Management (c.f. Chapter 1), he must ensure
IT securing during current operation.
- The Data Privacy Officer must ensure adherence to the provisions
relating to data protection and adequate protection of person-related
data.
- The staff or work council must in most cases be involved in the
selection of new standard software, particularly if this means
considerable changes to work processes or if the software is suitable
for performance monitoring (see S 2.40 Timely Involvement of the
Staff / Factory Council).
Throughout the entire process concerning "standard software", it must be
determined for each step which of the above are implementation responsibility
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000