Over the years I have seen a number of different models used by libraries of various types and sizes for managing IT. The models have changed over the years, but also vary enormously, often based on budgets but sometimes based on philosophy.
I can remember sympathising with a lecturer at my PPOW (previous place of work) back in the early 90’s, when he wanted computer science students to be able to dial in to the university’s computers to access programs on the server (probably FORTRAN!) He was told by the network guys that that was far too risky and likely to cause serious hacking (we couldn’t imagine the scale of hacking that we see today back then).
But the odd thing is, with all our tools, and skills and knowledge, we still hear the same type of arguments from IT staff either in or supporting libraries now. I was very taken with the video series from iACPL, as they capture so well the issues we have been living with all the time I have been working in IT in libraries.
MPOW (I’ve only been there a week) has just implemented port security, and it is causing us all sorts of problems with regular dropouts and a mountain of calls to the service desk. Is it necessary? Or is it simply a safety measure implemented to protect those who want to lock everything down, just in case and because it’s ‘their job’ and so they can satisfy those that measure risk? I don’t know the answer to that, but I do know I can’t get the answer by myself, I will need to gather data from their side too.
At MPPOW, I had an experience recently where I was having a conversation with my IT customer services manager about the setup on our library computers. We had just decided to require all users to login, after many years of open access (to try and control the network traffic costs). But we needed to work out a strategy for our walk in users, many of whom are local high school kids, to get a temporary login and password. I warned him that we needed to be prepared for under-age students wanting access. His immediate response was that we would refuse to give them access, as it was too risky and we could be liable if they accessed inappropriate material. Ten minutes later, after I explained to him that the kids were given library membership as part of a recruitment drive by the university, and that if they didn’t have access the whole recruitment strategy would be pointless, we started having a very different conversation. Without that extra information, his approach was the cautious safe easy one. With the information, he started to explore alternatives and think laterally.
All of which is way off the topic of models of IT management in libraries – but it is the point. The lack of appropriate information and appreciation of the other’s business is one of the difficulties in the model where IT is supported and managed, either in full or partially, by an agency outside the library. That model seems to be increasingly common, as it is difficult to justify the costs associated with running a full blown IT shop inhouse, staffed by staff who report to the library management.
So let’s look at the models. They seem to range from
- all support provided by a section of the library, reporting to library management. This seems to be still common in large libraries with big budgets. It doesn’t necessarily mean that you get what you want – I know one large rich library that does this, and
- library staff are frustrated because the IT section is like a black box and they don’t get much say
- they are very ineffective as decision making goes through many layers of committee
- it is very costly, as there is not opportunity for economies of scale, ie they can’t share the costs of a eg network admin with some other part of the parent organisation
- because the IT section is large, there is a risk of inflexibility
- all support and management provided by an outside body, sometimes under SLA, but not always. The library may need to negotiate or pay extra every time they want something new developed, and it can be very limiting.
- some mix of in house support and external support.
This last option is the one I am most interested in. It seems to me there are significant advantages, and risk of major problems. I’ve seen both at work. So how do we get the mix right, how do we ensure good communication, how do we develop enough of an understanding of each other’s business to appreciate what is being done and enable the business of the organisation?
That’s what I am going write about next time.