Before beginning the Healthy and Secure Computing process, decide if the program is an appropriate fit for your organization. This section discusses what you should consider while planning to implement the guidelines, including legal mandates and programmatic concerns. You will use this information at different points in the process to decide between technology options. You may find that your information system needs are such that HSC is not an appropriate fit, or that large parts of HSC are appropriate, or that you will be able to adopt all of the HSC guidelines.
Security and Confidentiality Concerns
You can go a long way toward reducing, but not completely preventing, security risk with a minimum investment of resources. These are typically the recommendations we provide. A delicate balance exists between ease of use and security: more secure systems usually require more steps to access, making them more complex to use. HSC recommendations follow a moderate path in this regard.
If you handle confidential information, have legal security mandates, or are in some fashion controversial, you may have security needs that are beyond the scope of these recommendations. Organizations that typically fall into this category are those that must safeguard confidential client data such as medical information, social security numbers, or credit card information.
Security issues are discussed in greater detail later in this workbook.
Plans for Growth
If you expect to grow significantly, you should adopt HSC technologies that will be appropriate for your expected size. It's easier to grow into a network than to smoothly expand a network.
Size
If you have a great many computers or users, you may need to adopt different parts of the HSC guidelines, and place resources in different configurations. Exactly what size is too big depends on how tightly your IT is integrated into your daily operations. For example, if you actively use a shared database, you will find that the HSC guidelines scale less well to a larger size than they would if you did not integrate a database with your daily work.
IT Complexity
If you use complex technologies, you may find that some HSC guidelines are not applicable to your situation. For instance, if you have a custom-built, Internet-enabled database that handles all your programmatic data, you are more likely to find that the HSC guidelines are less appropriate for you than for an organization using an off-the-shelf, stand-alone database application for a small part of its work.
Pre-existing Conditions
If you currently experience serious technical problems, such as virus outbreaks or key hardware failures, you will need to solve these problems before implementing the HSC guidelines. It is important to be aware of the HSC guidelines while repairing existing systems, so that the repaired systems will fit easily into the larger HSC framework.
Specialized Applications
If you use specialized software applications, such as geographic information systems (GIS) or customized client tracking software, some HSC guidelines may be inappropriate for you. We strongly recommend following the hardware and software recommendations for specialized applications. Trying to shoehorn an application into an unsuitable hardware and software environment is a recipe for IT headaches.
Computer Labs
If you have a computer lab, or are planning to set one up, you should follow specific guidelines designed for lab situations.
Bandwidth Use
If you have large quantities of data, such as digital video archives or multimedia databases, you may find that the HSC recommendations do not provide enough network and storage capacity.
Staff Skills and IT Management
If you have staff with strong IT skills or dedicated IT staff, you may be in a position to use advanced technologies, and may find the HSC guidelines restrictive. On the other hand, if you have very limited IT knowledge, you may need to budget additional resources for IT consulting in order to use the HSC guidelines effectively.
Resources
Successfully adopting the HSC guidelines requires significant expenditures of time and money, so make sure you have the necessary resources on hand to engage in this process. This includes management time for planning and decision making, staff and consultant time for implementation, staff time for training, financing for hardware and software purchases, and time and money for regular maintenance and support.
What To Do if HSC Does Not Fit
The HSC program is not intended to fit every organization, but should apply to the IT resources of most. If HSC doesn't seem to fit well, we recommend undertaking a formal technology planning process to find solutions that meet your needs, requirements, and constraints. More information on technology planning is available on TechSoup: http://www.techsoup.org/techsoup.cfm?id=1519
Worksheet 1: Planning Considerations
