IT Dependability Management in Governmental Organisations

Abstract: As our dependence on IT systems increases, evaluating the dependability of critical IT systems becomes more important. This is especially true for systems that are critical in a crisis situation and whose dependability is an important factor in an organisation's capability to resolve a crisis. Because crisis situations are typically rare events, both the dependability and the criticality of IT systems during and after a crisis situation are hard to predict. Part I of this thesis focuses on the analysis of the sensitivity of the reliability of IT systems to changes in their usage. A crisis typically changes the usage of an IT system, which in turn can influence the system's reliability. With the help of statistical methods the effects of changing usage profiles, modelled through the use of Markov models, can be examined. After a theoretical derivation of the properties of different models for the usage of software systems, the results are validated by applying the models to the data collected from the logfiles of a webserver. Swedish municipalities also depend more and more on IT systems for their daily work. Because of their important role in the relief coordination during and after a crisis, the dependability of their IT systems during these emergency situations is especially critical for Swedish society. The evaluation of this dependability requires the combination of two kinds of information: how critically needed the IT systems are in crisis situations and how trustworthy the critical systems are. Part II of this thesis focuses on how two Swedish municipalities deal with these issues in practice. Exploratory case studies involving two municipalities show that an important part of the problem lies in the cooperation and communication between the different actors involved. The study shows a need for concrete methods that can assist governmental actors in assessing and improving the dependability of their IT systems and in integrating this information in their emergency planning. For this purpose a maturity model for process improvement in this area was developed and evaluated. In the process of evaluating this maturity model a systematic mapping study on the evaluation of maturity models was also conducted. Finally, a study on how Swedish municipalities use Service Level Agreements (SLA) to communicate about important aspects of information safety resulted in a practical template for internal SLA's specifically tailored for the needs of Swedish municipalities. This thesis provides governmental organisations with tools to improve their IT dependability management. These tools are based on solid empirical studies, have been evaluated with the help of practitioners and are now ready for use and extended evaluation by governmental organisations.