Desktop Management Standard
September 2, 2014
This standard establishes baseline operational management elements and activities related to operating an information technology desktop management function within Executive branch State agencies or the State Enterprise.
Information technology organizations (from divisions down to sections) in State organizations may choose to establish and operate a desktop computer management activity in support of a customer base. Desktop computer management involves work activities that encompass planning, procurement, configuration, deployment, operational support, replacement, and the secure removal/disposal of personal computing devices.
This standard applies to all agencies as defined by Iowa Code Chapter 8A, Section 101. Non-participating agencies are encouraged to follow the guidelines in this and other enterprise level policies, standards, guidelines, processes and procedures.
Information Technology Infrastructure Library (ITIL): A set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business it supports.
HelpDesk or ServiceDesk Function: A defined group of ITIL practices, processes, procedures, tasks, checklists and resources designed to provide direct user support for computing, network or application issues.
ServiceDesk is primarily associated with the Service Operations ITIL phase.
Desktop Computer Management: A subset of Systems Management activities, focused on desktop computing assets that typically involves one or more of the following tasks:
- Managing Hardware inventories
- Software inventory and installation
- Anti-virus and anti-malware management
- User activities monitoring
- Computer Security management
- Hardware planning and procurement
- Device configuration management
- Equipment deployment, operational support, and repair
- Secure removal and disposal of computing devices
The following elements apply to agency IT management and technologists charged with operating a Desktop Management function or activity in support of a State agency’s use of personal computing technologies.
Procedures: Agencies should establish standard operating procedures for all primary support functions performed by the activity. Additionally, agencies should use a service request tracking and monitoring system to document requests, triage and manage activities, capture outcomes and measure desktop management performance.
Inventories: Agencies will develop and maintain comprehensive inventories of State-owned desktop computing hardware and software assets. Agencies should prepare and implement asset replacement planning that supports an average lifecycle refresh of desktop technology.
Procurement: Agencies should establish and use a management approved, limited hardware purchasing list for nominal desktop procurement (Standardized Purchasing). The listing should be aggressively managed to meet business requirements with the minimum number of device choices. See also Desktop and Laptop Purchasing Standard.
Configuration: Agencies should develop and manage standard desktop computer base software loads (images) for all hardware inventory items. Document when changes are made to an image. IT technicians should bring image changes to a Change Control process/board to receive input on image changes. Agencies will ensure that periodic patching for desktop computing assets occurs and is adequately documented. Agencies should develop an enforceable ‘managed desktop’ configuration that restricts administrative rights to and limits/protects the desktop computing asset from malware corruption, virus infestation and unchecked software installation.
Security: Agencies will implement End-Point software protections and patching that assures data security and protects network, data and computing assets. Devices that store data locally on the device (not connected to the network) must be backed up. Agencies will also implement encryption tools and procedures for all mobile desktop computing and storage devices (see Mobile Device Security Standard). Agencies should also develop and provide a desktop computer data backup capability, structured to meet the needs of all desktop users and configurations, where appropriate, for devices not typically connected to the network
Policy: Agencies will have written policies in place for: appropriate use of desktop computing assets, purchasing exceptions, replacement exceptions, and security exceptions.
Decommissioning/Salvage: Agencies will have procedures and ISO-approved methods for decommissioning desktop computing assets from active use and ‘cleaning/wiping’ data storage devices before salvaging or disposing of desktop equipment.
This document shall be reviewed at least every two years and updated as needed.