What Does IT Systems Management Mean?
Systems management consists of a wide range of IT functions aimed at maintaining or enhancing an organizations IT local technology infrastructure, cloud computing services and software applications.
Responsibilities for overseeing the systems management lifecycle include:
- Determining organizational hardware and software requirements.
- Assessing whether progress is served or hindered by current software and hardware.
- Distribution and setup of new computing equipment.
- Overseeing IT equipment lifecycle, including maintenance, upgrades and replacements.
- Monitoring IT system components and reporting on use.
- Managing support for IT system components.
According to the U.S. Bureau of Labor Statistics, computer and information systems manager positions are experiencing 11% growth and the median pay is $159,000. Successful job candidates typically hold a Bachelor's degree and have the necessary soft skills to work closely with C-suite executives, as well as entry-level employees, to coordinate how technology can be used to meet business goals at all levels of the organization.
Today, the labels IT Service Manager, IT Asset Manager and Information Systems Managersare sometimes used as synonyms for Information Technology Systems Manager in job postings. When a corporate department or division has responsibilities for specific aspects of an IT system, the job description may be referred to as an opening in MIS (management information system).
Techopedia Explains IT Systems Management
As the IT world around us becomes increasingly complex with each passing year, an organization’s systems management has never been more important than it is now. However, the expansion of traditional IT systems to the cloud is making systems management more complicated and can create problems for support staffs.
Best Practice for Systems Management
It's important for companies of all sizes to ensure that comprehensive systems management practices are developed and implemented consistently across the organization to avoid key operational pitfalls.
To help improve capacity planning and ensure performance levels always remain high, systems managers should take the following steps:
- Implement security requirements for information systems.
- Separate development, test, and production environments.
- Manage the System Development Life Cycle (SDLC).
- Properly manage outsourced development and external system services.
- Track and manage information system interconnections.
- Develop and follow a configuration management plan.
- Establish baseline configurations for systems and devices.
- Establish and enforce a change management policy.
- Maintain capacity management controls.
- Set maintenance controls for systems and devices.
Information systems are critical for the success of any organization. There are several standard security requirements that should be in place for every information system, or class of information systems. By defining and implementing these security requirements, organizations will benefit by having a more reliable group of systems. This, in turn, enables organizations to understand how to best protect themselves from threats and vulnerabilities. These requirements are not for the development of systems and applications alone. They are also for the implementation, operation, and ongoing management of systems. Organizations are at risk of using improperly configured systems if standard requirements are not clearly defined, required, communicated and implemented.
Development, Test and Production Environments
Maintaining separate environments for development, testing, and production is necessary to reduce the risk of unintended changes to an organization’s production environment. This is necessary whether organization develops systems or applications internally, or only maintains a testing environment to test changes prior to implementation into the production environment (e.g., configuration updates, change requests, patching, etc.). Organizations cannot accommodate the risks associated with making changes to configurations, systems upgrades or application updates in the production environment without appropriate testing being completed in a non-production environment. If this happens, it will likely lead to system downtime or other unintended consequences that affect business operations.
System Development Life Cycle (SDLC)
Maintaining a system development life cycle (SDLC) is imperative for organizations that perform internal development efforts; however, this necessity is not exclusive to only organizations the perform development activities. All organizations that use information systems need to have some level of an SDLC process in place to support the management of the entire life cycle of information systems, applications, and infrastructure devices. As systems are acquired, they need to be properly configured. Many systems will require changes and all systems will require patching or updating and will eventually be decommissioned. A documented SDLC process enables organizations to manage this entire life cycle efficiently.
Cloud System Services
Contractual obligations need to be defined, specifically regarding the security requirements that organizations need to have implemented and maintained when working with external entities. Once defined, these requirements should be used to manage outsourced software development engagements, the use of external systems, and the use of external services. If these obligations are not agreed to, there is neither a guarantee that appropriate cloud security controls will be maintained by all appropriate parties, and there will not be any accountability if they are not.
If organizations have internal systems that connect to any external systems in order to support business operations, these system interconnections need to be tracked and appropriately managed. This will help organizations protect against the misuse or loss of data belonging to the organization. This also protects any in-scope data belonging to customers or consumers of the organization’s services.
A configuration management plan is necessary for the continued sustainment of approved configurations for an organization’s systems and applications. An effective plan should increase the efficiency with which organizations perform the initial implementation of information systems. The plan should also address the continued management of systems and devices.
Baseline configurations for information systems and infrastructure devices need to be established to support organizations by ensuring groups of information assets are configured with the same baseline controls and configuration settings. This enables more efficient management of changes, patching, and ongoing support for information assets. In addition to inherent security risks, a lack of baseline configurations could result in having too many configuration variables to test when new changes are planned for the production environment. This is likely to result in unintentional impact to operations when changes are implemented, even though they are approved.
No organization can tolerate or absorb the risks associated with authorized personnel making unauthorized or unapproved changes to systems or devices in the production environment. At some point, an event will occur which creates an outage or introduces unnecessary risk to the organization because a change was not properly requested, reviewed, tested, approved, and implemented successfully. Organizations need to have effective change management processes in place.
Capacity management controls need to be in place to ensure that existing operational systems maintain their capability to provide current services. Capacity management is also needed to accommodate future service needs as organizations grows. If a system or database runs out of computing power or storage as needs grow, organizations are inviting unnecessary problems that will affect the performance of operations.
Equipment needs to be appropriately maintained to help ensure business operations are not impacted by equipment faults or failures. Organizations need to assign appropriate maintenance controls to accountable personnel that are responsible for the continued, successful operation of equipment. Operations will be negatively impacted at some point if systems and device maintenance is not effectively managed.