Search in ISMS Guides

Google
 

Saturday, July 21, 2007

Information Lifecycle Management

From Wikipedia, the free encyclopedia

Information Lifecycle Management refers to a wide-ranging set of strategies for administering storage systems on computing devices. Specifically, four categories of storage strategies may be considered under the auspices of ILM

Policy

ILM Policy consists of the overarching storage and information policies that drive management processes. Policies are dictated by business goals and drivers. Therefore, policies generally tie into a framework of overall IT governance and management; change control processes; requirements for system availability and recovery times; and service level agreements (SLA)

Management

Information Management consists of the practices that facilitate operational storage management. These include the principles that guide ILM; the storage management tools and practices; database management practices; system performance and monitoring; system configuration; capacity planning; and business controls. Business controls generally include chargeback, costing and P&L-related metrics..

Operational

Operational aspects of ILM include backup and data protection; disaster recovery, restore, and restart; archiving and long-term retention; data replication; and day-to-day processes and procedures necessary to manage a storage architecture.

Infrastructure

Infrastructure facets of ILM include the logical and physical architectures; the applications dependent upon the storage platforms; security of storage; and data center constraints. Within the application realm, the relationship between applications and the production, test, and development requirements are generally most relevant for ILM.

Definition

In the year 2004, attempts have been made by the Information Technology and Information Storage industries (SNIA association) to assign a new definition to Information Lifecycle Management (ILM).

* Information Lifecycle Management comprises the policies, processes, practices, and tools used to align the business value of information with the most appropriate and cost effective IT infrastructure from the time information is conceived through its final disposition. Information is aligned with business processes through management policies and service levels associated with applications, metadata, information, and data.

This is based on the desire to move information to less expensive means of storage and management based on its usage rather than evaluating its value to an organization and managing it accordingly. While there is a need to find a means to more effectively manage the vast quantities of information being generated electronically by organizations, the proposed IT practice is NOT by any means ILM, as it is classically known. ILM is as well part of the overall approach of ECM Enterprise content management.

Information Lifecycle Management (sometimes abbreviated ILM) is the practice of applying certain policies to the effective management of information throughout its useful life. This practice has been used by Records and Information Management (RIM) Professionals for over three decades and had its basis in the management of information in paper or other physical forms (microfilm, negatives, photographs, audio or video recordings and other assets).

ILM includes every phase of a "record" from its beginning to its end. And while it is generally applied to information that rises to the classic definition of a record (Records management), it applies to any and all informational assets. During its existence, information can become a record by being identified as documenting a business transaction or as satisfying a business need. And while most records are thought of as having a relationship to business, not all do. Much recorded information may not serve a business need of any sort, but still serves to document a critical point in history or to document an event. Examples of these are birth, death, medical/health and educational records.

Functionality

For the purposes of business records, there are five phases identified as being part of the lifecycle continuum. These are:

* Creation and Receipt
* Distribution
* Use
* Maintenance
* Disposition

Creation and Receipt deals with records from their point of origination. This could include their creation by a member of an organization at varying levels or receipt of information from an external source. It includes correspondence, forms, reports, drawings, computer input/output, or other sources.

Distribution is the process of managing the information once it has been created or received. This includes both internal and external distribution, as information that leaves an organization becomes a record of a transaction with others.

Use takes place after information is distributed internally, and can generate business decisions, document further actions, or serve other purposes.

Maintenance is the management of information. This can include processes such as filing, retrieval and transfers. While the connotation of 'filing' presumes the placing of information in a prescribed container and leaving it there, there is much more involved. Filing is actually the process of arranging information in a predetermined sequence and creating a system to manage it for its useful existence within an organization. Failure to establish a sound method for filing information makes its retrieval and use nearly impossible. Transferring information refers to the process of responding to requests, retrieval from files and providing access to users authorized by the organization to have access to the information. While removed from the files, the information is tracked by the use of various processes to ensure it is returned and/or available to others who may need access to it.

Disposition is the practice of handling information that is less frequently accessed or has met its assigned retention periods. Less frequently accessed records may be considered for relocation to an 'inactive records facility' until they have met their assigned retention period. Retention periods are based on the creation of an organization-specific retention schedule, based on research of the regulatory, statutory and legal requirements for management of information for the industry in which the organization operates. Additional items to consider when establishing a retention period are any business needs that may exceed those requirements and consideration of the potential historic, intrinsic or enduring value of the information. If the information has met all of these needs and is no longer considered to be valuable, it should be disposed of by means appropriate for the content. This may include ensuring that others cannot obtain access to outdated or obsolete information as well as measures for protection privacy and confidentiality.

Long-term records are those that are identified to have a continuing value to an organization. Based on the period assigned in the retention schedule, these may be held for periods of 25 years or longer, or may even be assigned a retention period of "indefinite" or "permanent". The term "permanent" is used much less frequently outside of the Federal Government, as it is impossible to establish a requirement for such a retention period. There is a need to ensure records of a continuing value are managed using methods that ensure they remain persistently accessible for length of the time they are retained. While this is relatively easy to accomplishing with paper or microfilm based records by providing appropriate environmental conditions and adequate protection from potential hazards, it is less simple for electronic format records. There are unique concerns related to ensuring the format they are generated/captured in remains viable and the media they are stored on remains accessible. Media is subject to both degradation and obsolescence over its lifespan, and therefore, policies and procedures must be established for the periodic conversion and migration of information stored electronically to ensure it remains accessible for its required retention periods.

Information Lifecycle Management

IT asset management

From Wikipedia, the free encyclopedia
Jump to: navigation, search

IT asset management (ITAM) is the set of business practices that join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment.

Software asset management

Software Asset Management applies to the business practices specific to software management, including software license management, configuration management, standardization of images and compliance to regulatory and legal restrictions—such as copyright law, Sarbanes Oxley and software publisher contractual compliance. Legal software use in an organization is enforced by such compliance companies as Business Software Alliance, SIIA and FAST.

Software is referred to as entitlements so that SAM programs confirm the right to use, or entitlement to that software by the user. Automation is used to facilitate this management. Microsoft maintains a list of SAM providers to help customers manage their software.

[edit] Hardware asset management

Hardware asset management entails the management of the physical components of computers and computer networks, from acquisition through disposal. Common business practices include request and approval process, procurement management, life cycle management, redeployment and disposal management.

[edit] Role of IT asset management in an organization

The IT Asset Management function is the primary point of accountability for the life-cycle management of information technology assets throughout the organization.

Included in this responsibility are development and maintenance of policies, standards, processes, systems and measurements that enable the organization to manage the IT Asset Portfolio with respect to risk, cost, control, IT Governance, compliance and business performance objectives as established by the business.

IT Asset Management integrates the physical, technological, contractual and financial aspects of information technology assets to enable a holistic and proactive approach to achieving the objectives.

[edit] Goals of ITAM

ITAM business practices have a common set of goals:

* Uncover savings through process improvement and support for strategic decision making
* Gain control of the inventory
* Increase accountability to insure compliance
* Enhance performance of assets and the life cycle management
* Risk reduction through standardization, proper documentation, loss detection

[edit] Process

ITAM business practices are process-driven and matured through iterative and focused improvements. Most successful ITAM programs are invasive to the organization, involving everyone at some level, such as end users (educating on compliance), budget managers (redeployment as a choice), IT service departments (providing information on warranties), and finance (invoice reconciliation, updates for fixed asset inventories).

IT asset management generally uses automation to manage the discovery of assets, so inventory can be compared to ownership information. Full business management of IT assets requires a repository of multiple types of information about the asset, as well as integration with other systems such as supply chain, help desk, procurement and HR systems.