ICT is a means not a solution!

01-02-2021

Too often I am finding that the discussion concerning shortcomings and issues (in performance, data integrity and other process failures) leads to blaming the ICT system and even claiming that all is resolved when a new ICT system is put in place. Nothing is less true! Be warned!

The purpose of ICT in general has always been to automate the obvious. To ease our lives and to remove repetitiveness and help us 'remember'. It has brought us hugely increased prosperity after WWII. And up to a certain point it also helped companies to become more productive on themselves.

However, with the increased use of ICT many organisations, not in the least in the governmental space, forgot that ICT is just a means to achieve objectives. ICT on itself does not do the miracles. But paired with the right attention, usage, monitoring and care it becomes the mission critical environment that is at the core of your organisation.

So what I mean with that?

Apart from that any system, build by people, is never perfect, it needs ongoing attention. In that sense an ICT system (lots of componentry, wiring, and software) is alike your car today. It needs looking after and maintenance at given times. If you ignore this, sometime, some day you will pay the price.

The same applies to handling your car while you drive it. Aside from all controls you have to adhere to drive safely, there are many indicators that help you to avoid serious damage. And once such an indicator raises an alarm while you drive, I am convinced you take notice and action if needed...

I wonder why this common sense is absent when it is not your car, but your ICT system? Of course the obvious alarms will exist in most ICT environments as well, but there are many that need to be tailored to your specific situation. Therefore, it should be common practice to create a risk assessment of its purpose and use, no matter its state, on a regular basis.

Who needs access to the system, to what data, are rules required who has access and when, is it important to keep track what has been accessed or changed by who and when, is it required to keep track of a profile of normal use of the system (noticing abnormal or changing behaviour), are there any outside threats, how does a normal working day look like and what if the system shows a different profile, is data accessible thru other means, etc.

It might be challenging to resolve or address some of the outcomes, but it should be absolutely clear the work is not done once you have implemented a (new) ICT system. And even when serious issues raise the solution to the problem is not installing another (better) ICT system.

If you do not take care of all other aspects, apply human intelligence and common sense, you are bound to hit a wall... 

Fred Bosch - About Management and more - All rights reserved 2019-2022