IT infrastructure assessment checklist

IT powers your business. In the modern workplace, even a small issue with your IT infrastructure can cause disruptions to routine business operations — resulting in data issues, downtime, and security vulnerabilities. A detailed IT assessment can help you identify areas of weakness in your environment. This guide includes a checklist to help you assess the following:

• IT strategy and performance
• Data and cloud storage
• Hardware and software capabilities
• Risk management and compliance
• Workflows and other procedures

The checklist included here is a good starting point. But you will want to compile your own checklist based on your organization, industry, and unique needs.

What is an IT assessment?

An IT assessment is the formal process of analyzing all the data, systems, and procedures in your IT environment. It helps you evaluate the state of your environments today — so you can identify and prioritize critical areas to improve, such as outdated tools or missing policies.

You should assess your IT environment annually or bi-annually. Be sure to reassess after any "triggering event" — something that could potentially disrupt or compromise systems and policies. A triggering event could include:

• Embarking on an enterprise transformation
• Migrating legacy systems to the cloud
• Moving a data center
• Opening or relocating to a new office space

Why is an IT assessment important?

A thorough IT assessment improves communication and transparency — by providing a baseline to share with the leadership team. An assessment helps you create goals and targets for the future.

Using a checklist ensures that you gather all of the details that the team has agreed upon. Review periods are smoother with a checklist as a guide.

Building an IT assessment checklist

Before you create your IT assessment checklist, start by defining or revisiting your strategic goals. Generally speaking, your checklist should include all of the items you need to review in order to function effectively and comply with security regulations. But when it comes to determining how to address weaknesses and the actions to prioritize, refer back to your larger strategy.

Then review prior IT assessments and documentation. Confirm issues that have been resolved and document any impending triggering events. Pay special attention to any questions or concerns that were raised in the last assessment. What items should you add to your checklist to be sure you can answer similar questions in the future?

Now you are ready to create your list. Use this sample checklist as a starting point:

IT strategy and performance

• Are IT goals clear, specific, and measurable?
• Are IT goals and initiatives aligned with company strategy?
• How responsive are we to internal and external customer requests?
• Is our IT roadmap up to date?
• Are any SLA metrics and scores up to date?

Data and cloud storage

• How is data stored and backed up?
• Who is responsible for cloud storage updates?
• Which cloud service providers are we currently using?

Hardware and software capabilities

Take inventory of equipment, storage, and computing capacity as well as software applications in use across the organization. Inventory may include:

• Computers
• Hubs
• Network equipment
• Routers
• Servers
• Smartphones
• Software applications
• Switches
• Third-party software

Assess the following:

• What is the age of existing systems?
• How frequently do we update existing systems?
• When was the last time we performed a gap analysis of critical systems?
• What is our roadmap for upcoming system migrations or upgrades?

Risk management and compliance

Because your IT environment can change quickly, it is essential to regularly check that you are still compliant with any certifications, terms, licenses, or other guidance. You may be subject to compliances such as HIPAA or PCI. Aha! maintains ISO 27001 certification, for example. Include these in your regular assessments or confirm that a separate audit was completed.

• Are anti-virus and other security or backup systems functioning properly?
• How do we currently manage logins and user permissions?
• Who is responsible for managing and updating security policies?
• When was the last time security was compromised?
• What security improvements are we currently prioritizing and why?
• Is our disaster recovery plan up to date?

Workflows and other procedures

• Are important workflows and procedures well-documented and easy for anyone to find?
• Is all IT documentation up to date?
• Do any new workflows or processes need definition?

You will likely add other items to your own checklist. Once you do, set your assessment in motion and develop an action plan for addressing areas of need.

Best practices are best supported with the right tools. IT roadmapping software can help you manage projects, releases, and changes. Get started with Aha! Roadmaps — free for 30 days.