Being the provider of IS/IT can be challenging. The organization often wants more than they are ready to pay for. It is important to ask the organization what they want in terms of functionality, service delivery, availability or security.

When the organization does not act as a customer - IS/IT often ends up in the role as customer as well as provider with many assumptions and non regulated services.

A common tool is the Service Level Agreement - SLA - that specifies the delivery. However, it is important that the IS/IT services are clarified. Essential levels to assign responsibility to are:

• System level - the application that the business is using such as logistic system, pay roll, CRM etc. Often this is purchased directly by the Business without talking to IS/IT.
• The hosting of the system - this can be done by IS/IT or an independent third party such as an IT hosting center.
• The IT-infrastructure - including LAN/WAN, backup, PCs, Software, Firewall etc.
• Embedded control systems - to monitor and control machinery, water plants, heating systems etc. These are often forgotten, who takes on this responsibility? Often accessed via standard communication protocol and being extremely vulnerable.

A recent trend is to create an IT Service layer with offerings such as:

• Application hosting
• Workstation with Internet
• Backup etc.

The customer orders the IT Service - The IT Service orders IT Infrastructure such as Routers, Servers or PCs - The IT Infrastructure orders Cooling, Office or Power.

All this provides a structure with clear responsibilities and specified requirements. It also means transparency, measurements, open for audit and easily accessed dependency charts.

Another aspect of this approach is that it provides the foundation for business continuity. All the way from the business process throughout the entire IS/IT chain.

The provider of IS/IT plays a very important role in the business. Almost all business activity uses IS/IT. A disruption or loss of data might be disastrous.

To have a fair chance of doing a good job IS/IT must have the requirements from the Business to setup the IS/IT organization appropriately, for example:

• Availability - maximum down time x hours (then business impact of €xx /hour)
• Confidentiality - patent, R&D, business intelligence, the "Coca Cola recipe" (if exposed business impact of €xx million)
• Integrity - FDA quality systems, medical journal, technical specifications (if not correct business impact of € xx million)

The iFACTS Concept and Software supports all this. Making sure IS/IT receives the requirements, creating the IS/IT services, giving all IS/IT resources a performance score 0-100% indicating how well it is being managed.

Then it is all connected - business activities to IS/IT, to Facilities, Projects, R&D or Competences. With a keystroke a dependency map can be plotted showing how it is all connected and where the weak links are.