Mr. Gareth Thomas
DFID are currently embedding the key COE functions in our programme for reviewing Business Processes and Corporate systems (which is called Catalyst). As cost benefits will not accrue until improvements start to take effect, it is too early to measure cost savings.422W
Detailed information will be available in future once the Catalyst programme is fully in place and has had an opportunity to collect the necessary statistics.
Mr. Gareth Thomas
A series of audit mechanisms are in place within DFID to determine that all IT hardware and software products are being properly utilised. User guidance on Acceptable Use is in force and is published on the DFID Intranet (InSight).
The arrangements to track hardware assets are as follows:1. Details of PC and printer hardware are maintained in the Desktop Inventory software package by Peregrine. Equipment is held both by type and by allocated serial number, and details are entered at the time of issue (or re-4 issue) of to whom equipment is issued and where it is located. Periodic stocktakes are undertaken to confirm and to update the information held in the inventory database, and anomalies are investigated.2. Details of remote working laptop computers are held in a separate Microsoft Access database. This has been found to be more convenient from a support point of view since laptops tend to require rather more maintenance in service, and more configuration information can be held in this form of corporate record. Again, the equipment is recorded by a uniquely-allocated serial number, and is allocated to a named individual.3. A separate issue and return record is maintained for pool laptops, under which authorised individuals may draw a laptop, and sign for it when taking it out. Issues are time dependant, with users being responsible for the safe return of the equipment—late returns are followed up.
The arrangements to retold software products in use are as follows:1. DFID employs a standard desk top system, which is distributed to all users. The latest version of this is locked down —this means that only the system supervisor can load application software onto the machine, and executable program files cannot be downloaded from the Internet.2. The Information Systems Department will load other authorised software for specific individuals or departments who require it, but not until it has been fully tested to confirm that it does not interfere with any other, software loaded on the machine or the network.3. The Desktop Inventory product is used centrally to report on what software is loaded on DFID computers, and to check for the presence of files that contravene the central Acceptable Use Policy. Where suspicious files (eg. MP3,.jpg and.bmp files) are identified, these are either deleted or the reason for their presence is investigated by the Technical Security Manager.
Software licences are held and managed centrally, as a manual exercise at the moment. A Software Asset Management (SAM) system is currently under investigation to automate this process.
Operationally, user activity on the system, including file accesses, is logged, and the log files are subject to spot checks. User Internet activity is likewise logged and available for spot checks—this includes sites visited from remote working systems.