Final | April 2019 | v3.0.0 | OFFICIAL - Public | QGCIO
The policy states the Queensland Government’s direction in regards to maintaining the currency of Information and Communication Technology (ICT) hardware.
The purpose of the policy is to ensure departments define and implement suitable strategies for managing the life cycle of ICT hardware assets.
To ensure that the delivery of government services underpinned by information technology is reliable, low risk, cost effective and agile, the Queensland Government will reduce and where possible eliminate instances of unsupported ICT hardware. Unsupported refers to the situation where there is no longer vendor or third-party maintenance available to provide replacement components or field support.
The policy will assist departments in managing the balance between cost and operational risk for ICT hardware and potentially increase the ability to:
- maintain and possibly improve capacity to integrate with up-to-date technologies and to align with changing business requirements
- ensure better vendor support is in place for ongoing ICT hardware maintenance, particularly during incidents
- maintain alignment with skills available in the labour market
- increase management visibility of the business risk associated with running on old or unsupported ICT hardware
- reduce costs associated with ICT hardware procurement, support and training through consolidation
- reduce costs, risk and complexity through supporting fewer ICT hardware models.
This policy applies to all Queensland Government departments.
Where a department owns the ICT hardware, regardless of the location they are responsible for ICT hardware currency management. If a managed service is outsourced to another Queensland Government agency such as CITEC’s managed services, the ICT hardware currency is the responsibility of the service provider. In the event of outsourcing to an entity external to the Queensland Government, the department is responsible for covering the ICT hardware currency risk in the associated service contracts and service level agreements
Policy requirement 1: Departments must retire, update ICT hardware or replace with an as-a-service solution with a medium or high business impact before it reaches the end of service life support unless the risk is formally accepted via the corporate risk management process
Departments must retire or replace any ICT hardware asset with a high or medium business impact before it reaches end-of-service-life (EOSL) support by the vendor or replace with an as-a-service solution. Exemption to this requirement is only at the acceptance of risk by the appropriate delegate in accordance to the agencies corporate risk management processes.
EOSL refers to ICT hardware that is no longer manufactured or supported. Terminology for EOSL varies between vendors, however most vendors will have an end of life announcement stipulating when the manufacturing or product ordering will end followed by an EOSL that stipulates when support for the ICT hardware will end.
High or medium business Impact is defined and calculated using the Digital and ICT strategic planning framework; High generally refers to a score above 3.2 and Medium refers to a score ranging between 1.6 and 3.2. See Current state module – Enterprise architecture assessment.
Policy requirements are supported by best practice guidance in the Hardware currency guideline.
This policy comes into effect from the issue date.
Departments are to assess ICT hardware with a medium to high business impact due to reach EOSL and decide as to whether to update, retire or accept the risk associated with those ICT assets by 30 June each year. This should be conducted routinely as part of the department’s regular ICT planning process and the resultant actions included in their ICT Work Plan.
The business risks associated with the EOSL hardware must be formally documented and managed within the corporate risk management framework.
Issue and review
Issue date: 9 April 2019
Next review date: April 2021
This QGEA policy is published within the QGEA which is administered by the Queensland Government Chief Information Office. It was developed by the Queensland Government Chief Information Office and approved by the Queensland Government Chief Information Officer.