ICT Health Checklists

By Lasa Information Systems Team

Preparing an IT strategy, facing up to a key decision, or even just reviewing the
way you manage IT day by day, is unlikely to be easy. One of the hardest things
may be knowing where to start. The checklists on this website are aimed at getting
you over that first hurdle - whether you're a Management Committee member, a
senior manager, or just someone who works with IT every day and feels they could
be in better control.
There are three sets of checklists:
• Checklist A for Management Committees and Senior Management Teams
• Checklist B for the staff member who has ICT management in their job description
• Checklist C for computer users
Although the checklists look at different areas of responsibility they do hang together as a
whole. It would be hard, for example, to meet all the criteria for effective users if
the ICT management and overall management were seriously deficient.
There are three levels for each section.
• Level 1 contains the elements that every organisation really ought to try to reach, in
order to ensure its basic health.
• Level 2 is a realistic target for those who want to make the most effective use of IT.
• Level 3 introduces advanced elements which are more likely to be relevant in larger
organisations or where an agency depends heavily on IT and needs to be ahead of the
field. Even then, most agencies will find that they do not need to reach Level 3 on
every item.
It would not be surprising for an agency to meet a few of the criteria at Level 2 even before it
has met all the criteria at Level 1. This is just in the nature of things: organisations devote
effort to different things at different times, and are bound to be ahead in some areas and
behind in others. Finding out which Level 1 criteria are not met, however, may be a useful first
step in setting priorities for the next stage of your IT development.
There are similarities here to the approaches taken both by PQASSO and by the Legal Aid
Franchising Self-Audit Checklist. Agencies already using one of those frameworks may be able
to integrate these checklists into their review procedures. The content, however, has been
written entirely independently, and no attempt has been made to relate items or levels to any
other scheme.

Checklist A - for Management Committees and senior management

teams
Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
Aims Your organisation has Your organisation's goals for Your organisation has a
clear aims, which can the next year or two are written three- or five-year
be related to the way written down, with the ICT plan which identifies the
you use ICT. implications spelled out. ICT element in each area
of activity
You periodically consider
the likely impact of future
ICT developments, and
their implications for your
organisation.
Responsibil Somebody has There is a staff member with You have arrangements to
ity responsibility for ICT clear responsibility for ICT in "shadow" your ICT expert,
Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
management and their job description, adequate in case they leave or fall ill.
policy (see resources and training, and
knowledgebase article realistic time for their ICT work.
Allocating and
recognising
responsibility for ICT).
Acceptable Your organisation You have a written Acceptable
Use understands the need Use Policy which has been
for an Acceptable Use implemented and computer
Policy but has not yet users are fully aware of it.
written one (see
knowledgebase article
ICT Acceptable Use
Policies).
Budget You can identify from Money for ICT is set aside in You have a fully costed
your accounts how your budget each year annual ICT plan, and
much you spend on All relevant funding provision in your budget
ICT each year. applications make a for a rolling programme of
contribution to ICT ICT replacement,
expenditure. upgrading and
development.
Risk You have carried out All ICT developments consider Job descriptions are written
Assessmen an ICT risk the Health and Safety aspect at with Health and Safety in
t assessment see the planning stage. mind - e.g. job diversity
knowledgebase article allows breaks from the
ICT Risk Assessment). computer.
Health & You have carried out a All IT developments consider Job descriptions are written
Safety Health & Safety risk the Health & Safety aspect at with Health & Safety in
assessment in relation the planning stage. mind - e.g. job diversity
to IT (see allows breaks from the
knowledgebase article computer.
Computer Health and
Safety).
Data You have registered You have a written policy Your policy is based on
Protection (notified) under the covering Data Protection, best practice, and is
Data Protection Act, if privacy and confidentiality. regularly monitored and
necessary. reviewed.
Software Standardisation is All machines are running the You have a policy on
Purchase taken into account in same version of the software software standardisation.
all software purchases All software is licensed
(see knowledgebase appropriately.
article Software
Standardisation).
Hardware Compatibility is taken You have a replacement policy
Purchase into account in all for computer hardware.
hardware purchases.
Training You set aside money All your computer users Your ICT planning is based
in your annual budget (including staff and volunteers) on regular training needs
for ICT training. have had relevant training. analysis for users (see
Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
knowledgebase
article Training Needs
Analysis).

Checklist B for the staff responsible for ICT management

Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
Inventory You know broadly the You have a written record
specification of each of of the full specification of
your computers. all your equipment and its
You know warranty status.
what software is You check regularly for
installed on each of unlicensed software in
your computers. use in your agency.
You can use inventory
software.
Technical You know how to You know how to work out You can, if necessary, carry
Knowledge unpack and set up a whether a small hardware out a small hardware
new computer, or a upgrade would be upgrade yourself.
new printer. worthwhile. You can adjust display
You know how to and monitor settings such as
install a new piece of resolution, number of colours
software or a software and refresh rate.
upgrade.
Maintenanc You know someone You have a maintenance Your support contract
e & Support reliable you can call on and support contract with includes provision for rapid
for maintenance and a person or company you disaster recovery.
technical support. trust and are Your support contract has
knowledgeable and guaranteed call-out times on
supportive. essential items (e.g. the file
You keep full records of server).
hardware faults and
maintenance call-outs.
Fault You have a system for You routinely analyse If a system stops working,
Finding recording computer your computer problem you have a good idea
Skills problems, and you records to identify whether the problem is with
take action to resolve training needs, the hardware or software,
them. inadequate software and and can often resolve the
potentially faulty problem yourself.
hardware.
Housekeepi You can remove old You can uninstall You have a process in place
ng files and directories. software, clean up and for regular housekeeping.
defragment disks.
You can install patches
and service packs.
Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
Network You know how to add a You can add a new Your network is regularly
Administrati new user to your computer to the network. monitored to assess its
on network. You can set up access performance and identify
permissions on shared housekeeping needs or
folders. bottlenecks requiring
attention.
User All new staff are shown There is a written
Induction how to use the computer induction
computer(s). procedure for new staff.
Accessibility You are aware of You are aware of the You have a resource library
accessible computing requirements of the of information and
and where to obtain Disability Discrimination equipment for users to try
advice. Act. out e.g. trackball mouse,
Your organisation's ergonomic keyboard,
website has been information on Windows
audited / tested for accessibility options.
accessibility and meets Your organisation's website
minimum requirements. complies with the W3C
(World Wide Web
Consortium) accessibility
level 2/3 guidelines.
You regularly check your
website for accessibility
problems.
Internet You know who your You have anti-spam
service provider is, software in place.
know how to renew You know how to deal
your domain name with adware and spyware.
registration and have
records of your
account details, user
name, password,
account reference etc.
You know what to do if
there is a problem
accessing the Internet.
Your website is kept
up to date.
User All new staff are shown All your computer users You have a training
Training how to use the have had appropriate programme to routinely
computer(s). training. upgrade users' skills.
All changes to your You have at least one
computer system have a "super-user" for each of your
training element built in. main software packages, to
You carry out a regular IT help other users, develop
training needs analysis. macros, run in house training
sessions etc.
Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialist
Audit of You occasionally check You have a good sense of You are familiar enough with
Effective whether your whether most of your all your key software to be
Use computer users are users are using their able to check whether your
facing any particular computer systems users are using it effectively.
problems. effectively and what their You are aware of software
training needs might be. developments and their
potential benefit for your
organisation.
Backing Up You have back-up You regularly test your If users need to recover files
procedures and check back-ups to ensure you they deleted some time ago,
that they are followed can restore files if this can be arranged.
(whether done necessary.
centrally or by
individual users).
You ensure that all key
files are backed up at
sufficiently frequent
intervals and copies
are kept securely off-
site.
Security You have up-to-date All incoming floppy Your network is run by a
anti-virus software, disks and e-mails are server which you are able to
and you check all disks virus-checked Key files administrate.
or files originating and systems are
outside your protected by passwords.
organisation. You enforce regular
All equipment is password changes on
security marked. your server based
Your Internet network.
connection has a
basic firewall.
Data All users have been You monitor your
Protection told their obligations organisation's compliance
under the Data with Data Protection in
Protection Act. respect of computer-
based data.
Insurance Your computers are Your insurance policy
covered on your includes cover for
contents insurance, on reinstating data from
a new for old basis. computers that are stolen
Laptops and other or damaged.
mobile devices are
covered for use
outside of the office.

The IT manager/co-ordinator need not necessarily be a technical expert. Their role is often to
know what should happen and how to make it happen (or whom to call in). This checklist is
more dependent on the size and nature of the organisation than the other two. In some
agencies the IT Manager may need only to meet Level 1 and a selection of criteria from Level
2. In others, the organisation may be large enough to employ technical experts so that, again,
the IT Manager doesn't need all the Level 2 and Level 3 skills themselves.

Checklist C for computer users

Topic Level 1 - Basic Level 2 - Advanced Level 3 - Specialised
Understandin You have been shown Your manager has You are able to suggest, or
g the role of how to use the computer explained to you how the develop, new ways of using
ICT in your job for your normal tasks. computer relates to the the computer to improve
You have been given and tasks in your job your job performance.
understand the description.
Acceptable Use Policy.
Basic Skills You know how to You know how to create You can convert files from
switch on the computer folders, move and copy one format to another.
and printer. files.
You can get into and out You know how to find a
of each application you colleague's documents if
need to use, and print the colleague isn't there.
your documents. You can change printer
You can save your work toner or ink, and use
and always find it again. labels or other non-
You can deal with basic standard paper.
printer problems, such as You can recognise and
paper jams. know what to do if you
You know what to do if suspect a virus has been
you delete something by sent to you by email.
mistake.
Support You know whom to ask if When you have a You can fix many problems
you have a computer computer problem, you yourself, with telephone
problem. generally learn how to support.
avoid it in future. You can identify possible
causes of many problems,
and talk knowledgeably to a
support person.
Training You were shown how to You have had formal You have had advanced
use the computer and training up to basic level training in the packages you
had time to practise in all the software you use most often.
using it. use. You are a "super-user", able
You have a regular to help other staff on one or
opportunity to consider more packages, and to set
your training needs. up macros, etc.
Data You know how Data You know whether You are able to comment on
Protection Protection affects you specific operations (e.g. how Data Protection works in
and what you must do to disclosing a mailing list) practice in your organisation.
comply with your comply with Data
organisation's policy. Protection or not.
Security You know how to log into You know how to change You know how to share and
any password-protected your password and check restrict access to your files.
systems you use. files or disks for viruses.
This list is not only for the users themselves. The computer manager should go through the
answers with each user, to identify areas where either the individual needs training or
support, or where the organisation needs to take action.