Infrastructure and Security

Publisher Summary Infrastructure refers to those resources and items required to successfully support and operate information systems. Security refers to policies, procedures, software, and hardware designed to insure that data in information systems are protected against accidental or inappropriate destruction, alteration, or access. Properly supported, infrastructure competency allows an organization to maintain agility in responding to strategic directives and tactical changes. Infrastructure and security together provide the day-to-day operational support for the hardware and software, thus forming a critical component of the organization. Proper management of security requires attention to infrastructure and information system designs, as well as the organization adhering to strict and appropriate personnel practices. Both infrastructure and security are among the many invisible processes and resources required to implement and sustain a successful clinical computing system. Some resources, such as a data center, must be available prior to implementation of these systems; many other resources, such as those supporting security, should be available prior to implementation, but are often deferred until problems occur. Most infrastructure requirements continue and expand after the system is in use. Although organizations can purchase services through outside contracted vendors, those developing skills in their own personnel can use resources more cost effectively, saving as much as 25–40%, particularly in areas such as disaster management. In the longer term, the use of contracted services can result in the loss of skills necessary for making strategic decisions, putting into question whether the estimated savings of contracting can be achieved.