Public Act 327 of 2004 Sec. 579:

Industry Lifecycle Practices

• PC hardware: 40% of companies are on a 4-year cycle, 30% are on a 3-year cycle, and 30% are on other (longer) cycles. Experts favour a four-year cycle. Longer cycles may leave hardware out of warranty and unsupported, sub-optimize worker productivity, or present budget problems (e.g. when external events create a need for wider change).
• PC software (operating systems and utilities): Upgrade operating systems strategically, i.e., based on advantages/risks presented by the upgrade, not with every new Windows operating system (OS) release.
• Number of vendors (Dell, HP, Apple, etc.) supporting the organization: Typically, one vendor for each segment of a computer fleet; e.g., Company ‘A’ for desktops. This practice provides vendors with pricing incentives.
• Federal Office of Management and Budget (OMB) has indicated that they do not have an official refresh or life-cycle policy, but they do have a goal of a three year refresh schedule for desktop replacement.
• The Governmental Accounting Office (GAO) stated that they do not have an official position, but the common federal practice that they have observed informally among agencies is a three-year replacement goal.

Security Issues

1. Outdated hardware systems are vulnerable to attacks at sign-on.
2. Older systems don't have adequate locking and password functions.
3. Security fixes and vulnerability patches are often no longer available for older systems.
4. Older operating systems often don't contain the necessary tools to identify and remedy system compromises.
5. The risk of system compromise via Instant Messaging attacks is greater with outdated equipment.
6. The overall security risk for older systems is increased due to a lack of available technical support and defensive measures.

•   Service Level Agreement