S 2.79 Determining responsibilities in the area of standard software
Initiation responsibility: Top Management
Implementation responsibility: Head of Organisation, Head of IT
Prior to the introduction of standard software, a number of responsibilities must be determined. Examples of these responsibilities are drawing up a requirements catalogue, preselecting products, testing and approval and the installation.
Below is a proposal of how these responsibilities may be sensibly allocated. As titles vary from organisation to organisation, some functions are defined in advance according to their tasks to which the individual responsibilities can be allocated afterwards:
- The Specialised Department is the user of the standard software. This department states its need for new software and thus initiates procurement. It is involved in the preselection and testing stages in order to include the requirements of the user.
- The Top Management is responsible for the approval of the standard software. This responsibility is often delegated to the Head of Specialised Department. Upon approval, the responsibility for the proper use of the standard software is thus transferred to the specialised department.
- The IT Area has the task of providing IT solutions to fulfil the tasks of the specialised department and of guaranteeing correct and reliable operation of the IT.
- The Purchasing Department must ensure the interoperability and compatibility of the standard software to be purchased and the adherence to internal standards and legal stipulations. There are often IT Coordinators in the individual specialised departments who assume the tasks of the Purchasing Department in an advising capacity and coordinate the budgetary funds of the departments.
- The Budget Department is responsible for accounting, the IT budget management and for the provision of the necessary budgetary funds.
- The IT Security Officer must check whether an appropriate security level can be guaranteed with the products used or to be purchased. As part of the IT security management (see module S 1.0 Security management), the IT Security Officer must ensure IT security during current operation.
- The Data Protection Officer must ensure adherence to the provisions relating to data protection and adequate protection of personal data.
- The Personnel and/or Supervisory Board , often also referred to as staff/factory council, must in most cases be involved in the selection of new standard software, particularly if this means considerable changes to work processes or if the software is suitable for performance monitoring (see S 2.40 Timely involvement of the staff/factory council).
Throughout the entire process concerning "standard software", it must be determined for each step which of the above functions are responsible for the implementation and which functions have to be involved. A sensible proposal for distributing responsibilities is summarised in the following table:
| responsible | to be involved | |
|---|---|---|
| Drawing up the requirements catalogue | Specialised Department, IT Area | Purchasing Department, Budget Departments, IT Security Officer, Data Protection Officer, Personnel or Supervisory Board |
| Preselection of a suitable product | Purchasing Department | IT Area, Specialised Department |
| Testing | Specialised Department and IT Area | IT Security Officer, Data Protection Officer, Personnel or Supervisory Board |
| Approval | Top Managementmaybe delegated to Head of Specialised Department | - |
| Purchasing | Purchasing Department | Budget Department |
| Ensuring the integrity of the software | IT Area | - |
| Installation and configuration | IT Area | - |
| Version check and licence management | IT Area | - |
| Deinstallation | IT Area | - |
| Controlling IT operations | IT Security Officer | - |
The allocation of these responsibilities should be set down in writing and it should be checked on a regular basis that the relevant procedures are correctly adhered to.
Review questions:
- Are the responsibilities determined for the introduction of standard software (e.g. for selection, testing, approval and installation)?