Assurance Management


INTRODUCTION TO ASSURANCE MANAGEMENT

 

The Assurance Management function is responsible for Software License Management, Patch Management and ICT Change Management. The following are the high-level objectives of this function:

  • To instil a governance mentality in ensuring solutions are delivered with a Quality-centric approach;
  • To ensure that IT solutions abide by Government’s ICT policies and best practices;
  • To govern changes targeted at Government’s Infrastructure under the ICT Change Management Framework;
  • To streamline and improve the current Software License Management processes, according to recommended industry best-practices;
  • To further streamline and improve the Patch Management Process. Technology evolves rapidly, with possible impacts resulting in shortcomings in configuration, discovery of new functionality shortcomings, or breaches in functionality.

The role of the Patch Management function within the Technology and Systems Governance (TSG) department is to ensure that key elements of the components which are under the control of MITA are up-to-date with the latest critical and security patches so as to mitigate and protect against known vulnerabilities for given operating systems and/or application software.
 
With the rise of malicious code targeting known vulnerabilities on unpatched systems and the resultant negative effects incurred by such attacks, Patch Management has become a pivotal process within an organisation’s list of security priorities. Proactive Patch Management is therefore a crucial issue and a must for any organisation that wants to be safeguarded as much as possible from vulnerabilities and exploits. The key role of a successful Patch Management strategy is to help improve security without disrupting business-critical systems. This is achieved by enforcing a consistently configured environment that is protected against known vulnerabilities in both operating systems and application software.
 
The following are the main objectives of this function:
 
1) To determine the appropriate threat levels and duly disseminate related information to involved stakeholders; 
 
2) To monitor patch schedules for both servers and workstations, identifying implementation timelines and taking into consideration patch criticality;
 
3) To govern and monitor the phases of the Patch Management Cycle while implementing the Patch Management strategies as defined by internal processes;
 
4) To carry out governance on environments which are under the control of MITA and to identify any vulnerable infrastructure;
 
5) To facilitate and champion any exception processes that deviate from the Patch Management strategies;
 
6) To maintain a working knowledge of patches that are deployed in the respective areas;
 
7) To ensure that workstations and servers within the Public Sector and within the Entities that make use of the Patch Management service offered by MITA are updated with patches accordingly.
 
 
 
The Software License Management function within the Technology and Systems Governance (TSG) department focuses on the upkeep of software asset management for the effective management, control and protection of the software assets within the Agency throughout all stages of their lifecycle. A number of initiatives were carried out related to the tracking of software licences in order to reclaim unused instances and hence be able to reuse the licences. This proved to be a cost-effective method, always ensuring that licences are being utilised in the most efficient manner.
 
The following are the main objectives of Software Licensing Governance:
 
1) To streamline and improve the current processes (Internal / External) in line with recommended industry best-practices to improve monitoring, also allowing faster response to requests;

2) To ensure that MITA is aware of its ‘software license’ assets, and that no illegal or unlicensed software is being used;

3) To ensure that effective and ongoing management is carried out on corporate software licenses;

4) To manage and track all software media under its direct control;

5) To issue media for corporate software as deemed necessary;

6) To maintain the Agency’s Software Asset Register;

7) To instigate and analyse software audits and metering reports to ensure optimum utilisation of software resources;

8) To follow the GMICT software-related policies and the internal (MITA) license management procedure;

9) To provide support and guidance to Public Sector Organisations with respect to licensing matters;

10) To actively promote software compliance according to government’s policies.

 
 
The ICT Change Management function within the Technology and Systems Governance (TSG) department controls the lifecycle of all Requests for Change (RFCs), with the main objective being to facilitate the whole implementation process whilst ensuring minimum disruption to IT Services.
 
An RFC may involve the addition, modification or removal of any component that could have an effect on the IT Service scope of any entity.
 
The following are the main objectives of this function:

1) To perform evaluations of services based on the relevant Government of Malta ICT (GMICT) policies;

2) To ensure proper planning for a service implementation involving all the stakeholders at all stages;

3) To assure that testing and its relevant documentation are carried out in a structured and consistent manner, using a predefined approach such that:
  - The RFC will not fail, or that the chances of failure are minimised;
  - Any risks being incurred by the implementation are handled; and,
  - Quality of service is instilled.

4) To instigate Change Advisory Board (CAB) meetings involving all the stakeholders in order to discuss the aspects of the implementation and assurance processes and tackle any issues that may arise;

5) To implement the service and report back to the service owner with the outcome of the RFC;

6) To evaluate the effectiveness of the implementation with continuous improvement in mind;

7) To perform post implementation reviews to assess the outcome of RFCs.