IT governance may not be the most exciting topic but it needs to be front and centre of every IT strategy because it’s fundamental to an organisation’s security. Getting it wrong can be extremely costly – but of course being overly averse to risk is also expensive. Excessive restrictions mean a slow response to changing situations, but too few can put a business at risk. It’s also something that needs to be continually reviewed to keep up with changes in IT and new threats.
So where do you start in assessing whether your current governance is fit for purpose? Standards and best practice frameworks such as ITIL, which can be formally accredited to ISO20000 for service management and align to ISO27001 for security management, will provide some of the guidelines and processes you need. However, no standard ever written can cater for an individual organisation’s attitude to risk.
Setting the right governance policy means taking a long hard look at your organisation’s ethical stance, cost model and culture, the legal and potentially moral frameworks it operates in, and its security requirements and appetite for risk. What is right for an organisation in the finance sector will not suit other sectors – but as more and more businesses depend on online financial transactions, more of them will need to move closer to the appropriate standards to provide the required level of corporate assurance.
You also need to ensure that your suppliers align with your corporate governance, as their behaviour can have a critical impact on your customers. This means working closely with your major technology suppliers so that together you can design the long-term security and stewardship of your organisation’s strategic assets. Your aim should be a cost-effective partnership based on agreed standards and the joint operation of governance, risk and compliance.
If this sounds like hard work – it is! But no-one wants to be the next company making the headlines for all the wrong reasons. If you’d like advice, we’re here to help. As well as holding the necessary qualifications, we’ve helped many companies implement governance and compliance standards, which means you can benefit from that experience and put in place a policy that’s tailored to the specific needs of your business.