Information Technology Governance
Information Technology (IT) governance is a separate piece of the usual Corporate governance with an exclusive focus on IT computing environment and its systems, risk management practices, and operational control processes. It is the responsibility of management to define, establish and maintain an IT governance framework comprised of leadership, organizational structures and reasonable processes. The framework should indicate the need to take a more formal, consistent, and structured approach to the role of IT in the course of delivering its mission in the organization on a timely basis. In certain instances, the risk appetite of some organization may not sufficiently encourage the need for formal IT governance. However, we believe that as organizations mature, significant benefits exist to require the documentation of various accountability frameworks to help encourage desirable behavior in the use of IT. As a result, we provide formally documented governance consulting services in the following IT disciplines:
· Project management and Program management
· System Development Life Cycle Standards
· Security Administration and Assessment
· Infrastructure Optimization
· Data Category management
· Change management
· Strategic Outsourced Services
· Enterprise architecture
· IT service management
· Vendor management
· IT asset management
· IT portfolio management
· Disaster Recovery Planning and Business Resumption
· Integration of Acquired New Entity
The above list is not exhaustive of generally accepted IT governance, and it is not meant to imply that these disciplines do not exist informally in your organization. And they may not all be required in your organization. We purposely did not define and elaborate on each discipline so that your IT management team can prioritize and address those disciplines with immediate benefits especially those that are presently causing significant control weaknesses.
Finally, again it is NOT enough to develop and implement an IT governance only to become obsolete in no time. As a major investment of your organization, a formal process should be in place for keeping your documented governance current ongoing.
To obtain more information about our PCI Compliance Services, please complete the following form and select areas of interest. Our staff will contact you shortly with a response.
|
