S 2.26 Appointment of an administrator and his deputy
Initiation responsibility: Top Management, Head of IT, Head of Personnel, IT Security Officer
Implementation responsibility: Head of Personnel, Head of IT
To ensure the orderly operation of IT systems, administrators must be appointed for all IT systems and networks. In addition to general administration work, administrators are responsible, in particular, for user administration, including the administration of access rights. They are also responsible for the security aspects of all the IT systems they look after.
In larger government agencies or companies with a number of different IT systems and subnetworks, it is also necessary to ensure that the work is divided between the different administrators in such a way that there are no problems regarding who is responsible for what, i.e. so that no two administrators have overlapping responsibilities and all the tasks which need to be performed are assigned. In addition, communication between the different administrators should function as smoothly as possible. It can be helpful to hold regular meetings of administrators at which typical problems encountered in everyday operations, and their solutions, are discussed.
When use is made of logging, steps should be taken to ensure separation of the roles of administration and auditing. The extent to which this objective is supported by the IT systems must be checked in this context.
To ensure continuity of service when an administrator is absent, a deputy must be appointed. Care must be taken here to ensure that the deputy is given a separate administrator ID (see also S 2.38 Division of administrator roles). Under no circumstances should the administrator's password simply be handed over to the deputy because that is less trouble.
So that such deputies can take over these functions, it is necessary to ensure that every administrator and every deputy has sufficient time to carry out their tasks with due care. It must also be taken into account that training and further education of administrators are required.
The specific administrator roles when using z/OS systems are explained in S 2.295 System administration of z/OS systems.
Review questions:
- Have corresponding administrators and their deputies been appointed for all IT systems and networks?
- Has the work been divided between the different administrators in such a way that overlapping responsibilities are avoided, yet all the tasks which need to be performed are assigned?
- Do the administrators and their deputies have sufficient time to carry out their tasks with due care?
- When use is made of logging: Is the separation of the roles of administration and auditing taken into account - as far as possible by technical means?
- Do all administrators and their deputies have sufficient opportunities for further education?
- Does every administrator and every deputy of an administrator have a separate, unique administrator ID?