The Information and Communications Technology options available to libraries are unparalleled. A carefully managed project can considerably enhance the services provided by the Parliamentary library to its Clients. However, unlike engineering projects, ICT projects are notoriously vulnerable to failure. The selection of suitable software for a parliamentary library should be undertaken carefully and systematically. The business case should be situated in the context of an overall Information Strategy for development of the resources management by the library. This could also include a content strategy for management and presentation of content on the corporate intranet. This chapter provides an overview of the general principles of software selection and implementation management. A careful approach to software selection and service management can reduce the risks of project failure. Above all, it is important to understand the requirements of library current information needs of the Parliamentary members and situate these needs in the broader strategic role of the library.
This chapter outlines typical approaches to reducing the risk of ICT project failure through:
An Information Strategy is one means of improving the analysis of the current information needs of the Members, their staff. Chapter Six outlines techniques to review these information needs. The priority for selection of new systems for use in the library should be defined by an Information Strategy. An Information Strategy should then be formulated to provide an overall framework for the capture, management and delivery of information that meets the client needs. As such the Information Strategy embraces the staff and the ICT resources needed in order to gather, manage and deliver information in a consistent manner. A typical Parliamentary Library Information Strategy will include broad gaols of:
The Information Strategy will help define priorities for the systems that are needed to meet the information needs. For example, in a high-circulation library where the priority of the members is access to the resources in the library, implementation of an improved Library Management System may the first step in implementing the Information Strategy. For a library with the most pressing need is provision of current news and guidance the improvement of the ICT support for reference services may be the first priority.
The development of a business case for introducing new systems and services is not only about achieving organisation commitment to funding, it is also about developing an understanding of the purpose and extent of the project. The intelligence gathered in identifying the information needs and an Information Strategy framed around these needs will support the development of an appropriate business case.
ICT projects tend to be most successful where they are accompanied by a methodical process for project management. Prince2, for instance, is a product-focused project management technique for the oversight of major projects that focuses on a product-based planning approach and the organisation of projects into manageable and controllable stages to minimise risk. Methodologies such as Prince2 require development of a Project Initiation Document (PID) that defines the outcomes, resources, constraints, and risks associated with the project . Understanding your current systems and measuring your capacity for new systems is a first step in this assessment. Even if new systems are highly functional, it may be important to assess whether all elements of a system are adopted at once or whether adoption is staggered over time.
Irrespective of whether software is commercial or open source, the implementation of systems to meet the needs of the libraries is attended by stages of data conversion, training and workflow adjustment that need to be carefully planned. Organisations such as the United Nations have played a key part in enhancing the ICT capabilities of libraries. Where selecting software a formal process of evaluation should be considered. This may be through formal tender processes, or informal internal evaluation. Either way, it is important to understand your requirements and situate these requirements firmly in a business case to ensure the the new systems deliver their benefits.
The risk of software projects can be reduced through a systematic approach to adoption that includes:
Where a formal tender process is required, a request for proposal might typically have:
Vendors should be required to identify costs (fixed and variable) as well as risks associated with their system.
A more constrained Request for Information might also be sent out to selected vendors after a survey of software options. Software solutions are never “free”. Whether open source, commercial or free for use, sustaining solutions over time have attendant system operational and professional development, as well as the associated development of workflow processes to situate software in the context of a particular Parliamentary Library.
The Parliamentary library may not be subject to formal tendering processes. Organisations such as UNESCO and the UN can kick-start the implementation of library services by providing guidance and assistance in software implementation. It is still important to evaluate the ways in which implementing such systems will fit your particular library. When a formal tender process is not required, an internal review of software that has been selected should be undertaken that reflects on the capabilities of the selected system against the current requirements.
Software may be available to the library at no charge, or with no license cost (such as Open Source). However good the software, the implementation of this system may fail if it fails to meet the current needs of the clients of the library. For this reason, it remains important to evaluate the software systematically and guide the project implementation in a manner that is focused on your own library requirements. The business case for the software should not be neglected and an internal evaluation process should also be undertaken to avoid the potential problems in project implementation. If the project implementation is not understood in the context of an internal business case that reflects on the long term relevance and sustainability of this service in the library the implementation of these systems may not yield the hoped-for benefits for Parliamentary clients.
In evaluating the implementation approach an internal evaluation should at least look at:
There are well defined approaches to ICT implementation that are designed to reduce the risk of project implementation. Most project management approaches divide a project into phases of:
For larger projects, a Project Steering Committee should be established. Not all projects require such a Project Steering Committee – it will depend on the cost, complexity and duration of the ICT project. A typical Steering Committee might comprise :
The Steering Committee should be kept to the smallest practical size that allows regular, brief, review of the project governance and progress.
An example of a formal methodology for project management developed for medium to large projects is the PRINCE2 project management methodology. Further information on this project management framework can be found at best-management-practice.com (http://www.best-management-practice.com/)- a portal site with information resources on Prince2.
Information Systems are dynamic and require ongoing monitoring and support. Whether managed externally or internally, a service-oriented view of this management is typically the most effective method for archiving the best practical outcome for ongoing system operation. One of the most comprehensive standards for ongoing service management is the Information Technology Infrastructure Library (ITIL), a set of principles and standard for service operation that break down ongoing service management into:
With the increasing number of external providers that a library relies on, the Service Level Agreement becomes an important means of defining the responsibilities of service providers. A Service Level Agreement can define:
Similar (less detailed) agreements can be useful with internal ICT departments to define quality and consistency in service delivery.
Service delivery of systems will be in the context of the broader architecture supported by the ICT. Selection of systems to support the library need to be conscious of this framework. The library can draw on a variety of service architectures including:
Libraries, where sufficiently resourced, can also take advantage of the many Web 2.0 productivity tools to develop mash-up solutions that leverage a mixture of internal systems and the above approaches to unify different systems in a single internal view for the benefit of clients.
In order to realise the tremendous benefits of services delivered over the Internet, end-users are required to entrust a growing number of service providers with more and more personal information. This information often deals with aspects of people's lives which are regarded as personal and private and may include information about their identity, physical location, contact details, among other things.
The loss of personal data by a service provider may result in an interruption to the service and a degree of inconvenience to the consumer, but unauthorised access to and misuse of personal information can have longer-lasting consequences. The possession of personal information can, in some circumstances, be exploited by unethical marketers, or by criminals for fraudulent purposes. As a result the theft, selling and buying of personal data has become a issue that must be treated seriously by service providers and consumers alike.
The privacy and security of personal data entrusted to any service provider must be safeguarded from loss and misuse by the service provider. Privacy requirements form an important part of the Service Level Agreement with any software and hosting providers.
Most people would be aware that networked applications, unless properly managed, are vulnerable to intrusion by computer hackers. However, experience also shows that abuse of authority and trust by staff with access to computer systems is as much a problem as external intrusion. While most staff are trustworthy and careful, the concentration of personal information within a single repository provides the potential for one incident to have a large effect.
The rich capabilities of Web 2.0 applications come with attendant privacy risks. When the library is building mash-up-style applications or architecting solutions that use a mix of internal client data as well as external services the library staff should be aware of some basic tenets of privacy around the design of information capture and usage policies for personal data:
The Parliamentary Library should take measures that include education of staff to their need to protect privacy, virtual and physical security measures, backup processes, robust server and network design and auditing of access to the systems which they manage. Nightly backups of data on systems should be encrypted and retained only long as necessary to ensure business continuity in the event of system failure.
Staff employment terms should include privacy and non-disclosure conditions and employees should be given access to systems for which they have responsibility to the level required to undertake their tasks.
The library has a responsibility to indicate the usage of any personal data managed, and should communicate these policies to any hosting agencies or departments managing their data. A basic requirement should be that service providers not sell, rent, share or otherwise communicate the parliamentary libraries client data, unless in a manner required by the library.
In this context it is important to establish structures, processes and procedures to mitigate risks that may arise from within their domain of concern. The following areas need to be considered:
The library should undertake a risk assessment associated with its systems, and resources and assess processes to mitigate that risk. A simple example follows:
|Misuse of data |
|Virus infection||System outage & data loss or breach of privacy||
Anti-virus installed on all systems
No file shares on servers where not functionally required;
Patch update policy on all systems
|Hard disk failure||Loss of data due to hardware failure|| Mirroring of all system and data disks
Nightly backups of all data
Weekly system mirroring of critical systems
|Hardware failure |
|Loss of data due to hardware failure, client & office outage|| Mirroring of all system and data disks
Nightly backups of all data; Weekly system mirroring of critical systems
|External Network failure||Loss of data due to hardware failure|| Mirroring of all system and data disks
Nightly backups of all data
Weekly system mirroring of critical systems
Fail-over arrangements with servers available in the office (e.g. Linux to Linux or Windows to Windows)
|Power loss - server||Server outage and loss of data||Redundant power supplies on all servers & fault alerting|
|Power loss - office||Client access outage||Hot standby servers in DRP Sites located on different network and power service|
|Hardware failure - internal hubs||Office & external service outage||Hot standby hubs|
|Network outage - primary data link||Office & external service outage||Maintain a separate high-bandwidth link to the office
Hot standby servers in DRP Sites located on different network and power service
|Fire||Office & systems outage||Technical contacts for hardware and asset recovery. Exit and assembly plans for staff|
|Flooding||Office & systems outage||Technical contacts for hardware and asset recovery (for instance freeze drying for books)|
|Earthquake||Office & systems outage||Exit and assembly plans for staff|
The level of protection undertaken against each risk depends on the expected impact of an outage on clients and the consequent degree of disaster production redundancy that is engineered into your architecture. Fully redundant live standby servers are possible but can be very expensive to maintain. They are typically warranted where the outage interval in case of a disaster event for clients must be kept to seconds or minutes. A minimum disaster recovery profile should see off-site backup of data and well documented (and tested) steps for recovery of this data.
For each risk event associated Disaster Recovery Plan steps should be in place which defines the contacts, processes and actions during and after the disaster event. It is also important to document the last successful test of this disaster plan.
In locations where power supply is irregular, risk mitigation might include arrangements for mirroring services with other agencies (for example ensuring catalogue holdings are available through WorldCat).
Training of library staff is an essential component of ICT capability building. Training needs to be timely - too much in and advance of systems delivery or too much in arrears can leave staff struggling when they are called on to provide support for systems with which they are not familiar or comfortable. This training needs to be framed around the road map for library service delivery. For this reason a training needs analysis framed around the library services road map should be periodically reviewed. This needs analysis can also be used to identify areas of staff development, especially for those library staff tasked with forward-facing service delivery.
With the transition to an increasing web-based focus on information delivery, there are a number of approaches to web-based self education on the Web 2.0 mix of tools and services. One of the most popular is the “23 things” programme that takes the learner through a Web 2.0 journey relevant to librarians (http://plcmcl2-things.blogspot.com/).
A responsibility for many libraries is that of training. The sheer diversity of resources available through the library itself and on the web can be daunting. The Parliamentary library often provides induction training for newly elected parliamentary members and their staff in using library resources. This can be extended to include training in ICT-related areas such as the use of Web 2.0 resources, use of e-book readers and use of the information resources in the library itself.
Such training can also be the opportunity to brief researchers on the constraints of copyright and the risks associated with plagiarism. It can also be an opportunity to undertake before and after surveys on the library to assess level of understanding and usage of library resources and assess over time what information resources the members are looking for.