We shall discuss the two confusing factors of ITIL DPI in details deeply. In the article, we will clearly define the control and guidelines and refer to comprehension with examples in between. The article has tried to switch the gap that often leads to confusion. Further in this article, we go deep into effective controls and all its components such as procedural control, logical or technical control, and physical control. We shall deal with each of these with clarity. And we demand, readers, to have an unlearn approach while they read this article to the extent the degree of benefit.
IT can be broadly classified as general control and application control. This division marks the beginning of understanding the various types of controls devised within the IT of an organization. This method of ITIL DPI Training is fruitful to many and hence makes it popular among every IT-enabled business.
The degree of general control revolves around accessing the IT environment by following the security procedures. Having said that, we mean, in any given IT environment. We need authenticators like security ID, Passwords, and Usernames to have access.
Pressing issues such as who can get a security ID, the field required to fill while you create one, checking pictures, multiple system logins. While as far as the passwords and usernames are concerned. The IT department has to ascertain things like:
- How to calculate the username.
- Characters included in passwords.
- Length and composition of the two.
- Exclusion criteria about passwords and usernames.
- Log on attempts & failed attempts
- Servers and backups
Some IT environments prefer second level authentication such as message codes and phone key codes like in Microsoft Authenticator!
Thus we can infer from the above-given information; general control is all about maintaining secured access to the IT environment of any given organization.
The general control as a whole can be defined as the integration of physical, technological, and procedural controls. These controls are like the boundaries or extent of the IT in any organization.
While the application control is a sub-system within this sketched environment, we shall discuss Application control further in detail.
The organization as a whole is an amalgamation of various units called the departments. They may include HR, Finance and Accounting, Administrative department, IT, inventory and logistics department, supplies, LMS, and enrollment systems.
All these set of standalone systems have their rights reserved for application control through their application paradigm. Application control defines the following:
- Who can log in to these internal systems?
- What is needed to get access?
- Processing actions
Each of these departments has to be connected with the IT environment we discussed above. The general control is similar to basic statutory compliance each of the departments and its employees needs to have access.
While contrary to controls, guidelines are set of prescribed rules and methodologies that are common to the organization. These guidelines may vary inter-departmentally, as guidelines do have cascading objectives of the individual employee, teams, departments, and the organization as a whole.
One can understand guidelines through a layout, that is:
- Easy and readable
- Has easy access
- Prolific to tasks relation and following
When it comes to tasks, guidelines can be referred to as follows:
- A set of rules and regulations
- Multiplicity in its usage, meaning the whole organization could use it.
- Guidelines should be adoptive to newer methods
- It should have the prowess to be used and performed innumerably without a hassle
- Often expert professionals are viewed as pedagogies
Take, for instance, the feedback mechanism in LMS. Guidelines sketch the ideation of the feedback loop. In the Learning Management System, the feedback mechanism should be bi-directional. Meaning employees could input their responses in bettering the LMS. Along with superiors’ feedback in helping the trainees to know where they are deficient.
This can also be related to the Performance Appraisal system. Rules should persist in how the mechanism works. How the superiors ascertain the figures in Performance Appraisal should be known to all the employees. Meaning everyone should know how they are assessed when it comes to their performances.
Guidelines here sketches some set of rules in ascertaining the KPIs and KRAs.
Both the terminology are diverse and dissimilar to each other, but due to cascading objectives, both are misinterpreted as one single entity. Which we have seen and discussed thoroughly in this article.