Skip navigation.

ICT Management. > Strategy & Planning

ICT Health Checklists

By Lasa Information Systems Team

Preparing an IT strategy, facing up to a key decision, or even just reviewing the way you manage IT day by day, is unlikely to be easy. One of the hardest things may be knowing where to start. The checklists on this website are aimed at getting you over that first hurdle - whether you're a Management Committee member, a senior manager, or just someone who works with IT every day and feels they could be in better control.

There are three sets of checklists:

Although the checklists look at different areas of responsibility they do hang together as a whole. It would be hard, for example, to meet all the criteria for effective users if the ICT management and overall management were seriously deficient.

There are three levels for each section.

  • Level 1 contains the elements that every organisation really ought to try to reach, in order to ensure its basic health.
  • Level 2 is a realistic target for those who want to make the most effective use of IT.
  • Level 3 introduces advanced elements which are more likely to be relevant in larger organisations or where an agency depends heavily on IT and needs to be ahead of the field. Even then, most agencies will find that they do not need to reach Level 3 on every item.

It would not be surprising for an agency to meet a few of the criteria at Level 2 even before it has met all the criteria at Level 1. This is just in the nature of things: organisations devote effort to different things at different times, and are bound to be ahead in some areas and behind in others. Finding out which Level 1 criteria are not met, however, may be a useful first step in setting priorities for the next stage of your IT development.

There are similarities here to the approaches taken both by PQASSO and by the Legal Aid Franchising Self-Audit Checklist. Agencies already using one of those frameworks may be able to integrate these checklists into their review procedures. The content, however, has been written entirely independently, and no attempt has been made to relate items or levels to any other scheme.

anchor:AChecklist A - for Management Committees and senior management teams

TopicLevel 1 - BasicLevel 2 - AdvancedLevel 3 - Specialist

Your organisation has clear aims, which can be related to the way you use ICT.

Your organisation's goals for the next year or two are written down, with the ICT implications spelled out.

Your organisation has a written three- or five-year plan which identifies the ICT element in each area of activity

You periodically consider the likely impact of future ICT developments, and their implications for your organisation.


Somebody has responsibility for ICT management and policy (see knowledgebase article Allocating and recognising responsibility for ICT).

There is a staff member with clear responsibility for ICT in their job description, adequate resources and training, and realistic time for their ICT work.

You have arrangements to "shadow" your ICT expert, in case they leave or fall ill.

Acceptable Use

Your organisation understands the need for an Acceptable Use Policy but has not yet written one (see knowledgebase article ICT Acceptable Use Policies).

You have a written Acceptable Use Policy which has been implemented and computer users are fully aware of it.


You can identify from your accounts how much you spend on ICT each year.

Money for ICT is set aside in your budget each year

All relevant funding applications make a contribution to ICT expenditure.

You have a fully costed annual ICT plan, and provision in your budget for a rolling programme of ICT replacement, upgrading and development.

Risk Assessment

You have carried out an ICT risk assessment see knowledgebase article ICT Risk Assessment).

All ICT developments consider the Health and Safety aspect at the planning stage.

Job descriptions are written with Health and Safety in mind - e.g. job diversity allows breaks from the computer.

Health & Safety

You have carried out a Health & Safety risk assessment in relation to IT (see knowledgebase article Computer Health and Safety).

All IT developments consider the Health & Safety aspect at the planning stage.

Job descriptions are written with Health & Safety in mind - e.g. job diversity allows breaks from the computer.

Data Protection

You have registered (notified) under the Data Protection Act, if necessary.

You have a written policy covering Data Protection, privacy and confidentiality.

Your policy is based on best practice, and is regularly monitored and reviewed.

Software Purchase

Standardisation is taken into account in all software purchases (see knowledgebase article Software Standardisation).

All machines are running the same version of the software

All software is licensed appropriately.

You have a policy on software standardisation.

Hardware Purchase

Compatibility is taken into account in all hardware purchases.

You have a replacement policy for computer hardware.


You set aside money in your annual budget for ICT training.

All your computer users (including staff and volunteers) have had relevant training.

Your ICT planning is based on regular training needs analysis for users (see knowledgebase article Training Needs Analysis).


anchor:B Checklist B for the staff responsible for ICT management

TopicLevel 1 - BasicLevel 2 - AdvancedLevel 3 - Specialist

You know broadly the specification of each of your computers.

You know what software is installed on each of your computers.

You can use inventory software.

You have a written record of the full specification of all your equipment and its warranty status.

You check regularly for unlicensed software in use in your agency.

Technical Knowledge

You know how to unpack and set up a new computer, or a new printer.

You know how to install a new piece of software or a software upgrade.

You know how to work out whether a small hardware upgrade would be worthwhile.

You can, if necessary, carry out a small hardware upgrade yourself.

You can adjust display and monitor settings such as resolution, number of colours and refresh rate.

Maintenance & Support

You know someone reliable you can call on for maintenance and technical support.

You have a maintenance and support contract with a person or company you trust and are knowledgeable and supportive.

You keep full records of hardware faults and maintenance call-outs.

Your support contract includes provision for rapid disaster recovery.

Your support contract has guaranteed call-out times on essential items (e.g. the file server).

Fault Finding Skills

You have a system for recording computer problems, and you take action to resolve them.

You routinely analyse your computer problem records to identify training needs, inadequate software and potentially faulty hardware.

If a system stops working, you have a good idea whether the problem is with the hardware or software, and can often resolve the problem yourself.


You can remove old files and directories.

You can uninstall software, clean up and defragment disks.

You can install patches and service packs.

You have a process in place for regular housekeeping.

Network Administration

You know how to add a new user to your network.

You can add a new computer to the network.

You can set up access permissions on shared folders.

Your network is regularly monitored to assess its performance and identify housekeeping needs or bottlenecks requiring attention.

User Induction

All new staff are shown how to use the computer(s).

There is a written computer induction procedure for new staff.


You are aware of accessible computing and where to obtain advice.

You are aware of the requirements of the Disability Discrimination Act.

Your organisation's website has been audited / tested for accessibility and meets minimum requirements.

You have a resource library of information and equipment for users to try out e.g. trackball mouse, ergonomic keyboard, information on Windows accessibility options.

Your organisation's website complies with the W3C (World Wide Web Consortium) accessibility level 2/3 guidelines.

You regularly check your website for accessibility problems.


You know who your service provider is, know how to renew your domain name registration and have records of your account details, user name, password, account reference etc.

You know what to do if there is a problem accessing the Internet.

Your website is kept up to date.

You have anti-spam software in place.

You know how to deal with adware and spyware.

User Training

All new staff are shown how to use the computer(s).

All your computer users have had appropriate training.

All changes to your computer system have a training element built in.

You carry out a regular IT training needs analysis.

You have a training programme to routinely upgrade users' skills.

You have at least one "super-user" for each of your main software packages, to help other users, develop macros, run in house training sessions etc.

Audit of Effective Use

You occasionally check whether your computer users are facing any particular problems.

You have a good sense of whether most of your users are using their computer systems effectively and what their training needs might be.

You are familiar enough with all your key software to be able to check whether your users are using it effectively.

You are aware of software developments and their potential benefit for your organisation.

Backing Up

You have back-up procedures and check that they are followed (whether done centrally or by individual users).

You ensure that all key files are backed up at sufficiently frequent intervals and copies are kept securely off-site.

You regularly test your back-ups to ensure you can restore files if necessary.

If users need to recover files they deleted some time ago, this can be arranged.


You have up-to-date anti-virus software, and you check all disks or files originating outside your organisation.

All equipment is security marked.

Your Internet connection has a basic firewall.

All incoming floppy disks and e-mails are virus-checked Key files and systems are protected by passwords.

You enforce regular password changes on your server based network.

Your network is run by a server which you are able to administrate.

Data Protection

All users have been told their obligations under the Data Protection Act.

You monitor your organisation's compliance with Data Protection in respect of computer-based data.


Your computers are covered on your contents insurance, on a new for old basis.

Laptops and other mobile devices are covered for use outside of the office.

Your insurance policy includes cover for reinstating data from computers that are stolen or damaged.


The IT manager/co-ordinator need not necessarily be a technical expert. Their role is often to know what should happen and how to make it happen (or whom to call in). This checklist is more dependent on the size and nature of the organisation than the other two. In some agencies the IT Manager may need only to meet Level 1 and a selection of criteria from Level 2. In others, the organisation may be large enough to employ technical experts so that, again, the IT Manager doesn't need all the Level 2 and Level 3 skills themselves.

anchor:C Checklist C for computer users

TopicLevel 1 - BasicLevel 2 - AdvancedLevel 3 - Specialised
Understanding the role of ICT in your job

You have been shown how to use the computer for your normal tasks.

You have been given and understand the Acceptable Use Policy.

Your manager has explained to you how the computer relates to the tasks in your job description.

You are able to suggest, or develop, new ways of using the computer to improve your job performance.

Basic Skills

You know how to switch on the computer and printer.

You can get into and out of each application you need to use, and print your documents.

You can save your work and always find it again.

You can deal with basic printer problems, such as paper jams.

You know what to do if you delete something by mistake.

You know how to create folders, move and copy files.

You know how to find a colleague's documents if the colleague isn't there.

You can change printer toner or ink, and use labels or other non-standard paper.

You can recognise and know what to do if you suspect a virus has been sent to you by email.

You can convert files from one format to another.


You know whom to ask if you have a computer problem.

When you have a computer problem, you generally learn how to avoid it in future.

You can fix many problems yourself, with telephone support.

You can identify possible causes of many problems, and talk knowledgeably to a support person.


You were shown how to use the computer and had time to practise using it.

You have had formal training up to basic level in all the software you use.

You have a regular opportunity to consider your training needs.

You have had advanced training in the packages you use most often.

You are a "super-user", able to help other staff on one or more packages, and to set up macros, etc.

Data Protection

You know how Data Protection affects you and what you must do to comply with your organisation's policy.

You know whether specific operations (e.g. disclosing a mailing list) comply with Data Protection or not.

You are able to comment on how Data Protection works in practice in your organisation.


You know how to log into any password-protected systems you use.

You know how to change your password and check files or disks for viruses.

You know how to share and restrict access to your files.


This list is not only for the users themselves. The computer manager should go through the answers with each user, to identify areas where either the individual needs training or support, or where the organisation needs to take action.

About the author

Lasa Information Systems Team
Lasa's Information Systems Team provides a range of services to third sector organisations including ICT Health Checks and consulting on the best application of technology in your organisation. Lasa IST maintains the knowledgebase. Follow us on Twitter @LasaICT


Adware, Domain name, Firewall, Floppy Disks, Hardware, ICT, Internet, Mobile, Monitor, Network, Server Based Network, Software, Spam, Spyware, Switch, UPS, Virus, W3C, WAI, WCAG, Website

Related articles

Published: 1st May 1998 Reviewed: 9th July 2006

Copyright © 1998 Lasa Information Systems Team

All rights reserved

User comments and discussion

If you have useful information to add to this article please Add a comment. Comments will appear after they have been moderated.

Discuss this topic in the Knowledgebase forums. This is a useful place to share knowledge, experiences, and ask questions.

Please sign in or register to be able to post a comment or discussion.

23rd February 2011This has been a very useful tool down the years, are there any plans to keep it updated?

23rd February 2011Here at Lasa we are looking at the scope of the Healthcheck and part of this process will be to update this article.

Thanks for positive comments about the article as a useful tool.