Sustainable Infrastructures through IT Compliance
Content of Figures
1 Management Summary
IT Governance as the sum of all policies, the organisational structure and the enterprise process framework must ensure that IT is implemented adequat ...
2 Highlights
- IT Compliance and Risk Management must be understood as not being an additional burden.
- Embedding IT Compliance and Risk Management into all relevant bu ...
3 Introduction
This document suggests a paradigm change by understanding IT Compliance as a central corporate goal, thus enabling new synergies and fostering busines ...
3.1 Building blocks of IT Governance
IT Risk management is often considered to be a part of IT Governance. This discipline looks at threats and risks to information and the systems proces ...
3.2 Regulations and requirements
Many requirements are imposed on organizations based on national or regional legislation but also on the basis of their industry or the type of busine ...
3.3 Best practice frameworks
Identifying the applicable requirements is an important task. Once those have been determined, it is of course of importance to get to an adequate pro ...
4 Business values as the basis for a strategic IT compliance approach
Forward-thinking organisations build their corporate actions on a solid basis by defining corporate goals and pursuing them constantly. Extending typi ...
4.1 Identifying business values beyond mere regulatory compliance
An essential, strategic challenge for every organisation is the definition of adequate corporate goals. These goals ideally determine the bottom line ...
The important step that should be taken up-front is to understand that a change in focus is required. Taking additional or modified enterprise objecti ...
4.2 Building on a mature GRC program
Companies in the financial services sector were among the first that had to get used to various national, international and sector-specific standards ...
4.3 Understanding external and legal requirements as success factors
Being compliant with legal requirements has typically not been considered as a main objective for organisations. But once it is understood that the fail ...
An adequate definition of corporate objectives between traditional market oriented goals and secondary goals as described above needs to be accepted a ...
4.4 Changes in business models and IT
Many factors influence the changes that can be currently seen and that will have an impact on the way we do business today and even more tomorrow. Now ...
4.5 From external requirements and corporate objectives to a policy framework
An essential part for defining the necessary requirements is the set of external laws and regulations to be met. Understanding which legal and regulat ...
The high level of abstraction for these documents implies that not all internal or external requirements need to be codified within corporate policies ...
5 IT Compliance and IT Security by design
With the increasing number of legal requirements as well as the growth in individual requirements, many organisations must identify the right contr ...
5.1 Determining and documenting business benefits
Embedding the demands resulting from IT Compliance into robust and secure IT processes and technologies is both a challenge and an opportunity for man ...
The following two sections illustrate potential benefits as examples for the advantages that can be gained from the suggested approach.
5.2 Potential benefits for breach and incident management
Breach and incident management systems are designed to achieve a controlled and proactive approach to handling security threats and incidents. They im ...
5.3 Potential benefit for infrastructure management and sustainability
A strong level of control over corporate IT systems, no matter whether they are in the cloud, on premises, or a hybrid, helps in achieving a much bett ...
R | A | C | I |
Task | Responsible | Accountable | Consulted | Informed |
Maintain policy ... |
6 Recommendations
One main conclusion is that implementing IT Compliance as a corporate objective needs to be understood and facilitated not only within IT but also fro ...