Software Version Control Management Needs Improvement

The Chief Information Officer should create an enterprise-wide, integrated structure to centralize commercial-off-the-shelf software version tracking, currency, and management to include documenting roles and responsibilities.

The Chief Information Officer should update policies and procedures to manage mainframe, server, and workstation software assets using industry best practices, including identifying, prioritizing, and removing outdated software when newer versions are installed.

The Chief Information Officer should create and execute a plan to periodically monitor and compare software running on the enterprise against the Enterprise Architecture ESP Product Catalog for accuracy.

The Chief Information Officer should remove unauthorized software or update the ESP Product Catalog to reflect the correct information, if warranted.

The Chief Information Officer should document and approve risk acceptance to continue using older versions of software (i.e., sunset, archived/retired).