All set to discuss practical recommendations to allocate responsibilities for IT initiatives at the IT Governance Day hosted by Copenhagen Compliance, Global GRC and GDPR Solutions (Feb 17, online, EN). I will address how to plan, coordinate, execute, and monitor compliance and performance actions for IT projects.
📰 As a new compliance requirement, the EU Data Governance Act is expected to be published next week. It is going to provide a harmonized framework for data sharing, conditions for access by public bodies, international data transfers, cloud switching, and interoperability of providers of digital services and Internet of Things.
#itgovernance #compliance #gdpr #ITprojects #ITcontrols #cybercompliance #EUDataAct
3. Raise the profile of IT
Identify and prevent cyber threats on future products and projects
Identify low productivity processes to digitalize
Standardize and improve infrastructure, applications and helpdesk services
Provide training to better use IT assets
Coordinate business continuity arrangements
4. Align IT and strategic plans
Validate clear deliveries with business owners
Cover group and subsidiary plans
Assess risks to set investment priorities
Assess the full use of IT staff and assets
Analyze the impact of new strategies
Assess budget and capability gaps for IT projects
Assess development vs outsourcing or
5. IT governance to improve performance
Use RACI to allocate controls to roles
IT asset owner, IT contract owner, IT obligation owner
Assess the risks on the assumptions of IT initiatives
Embed obligations into controls in procedures
Allocate single owners to time-framed action plans
Measure KPIs incorporating the users’ feedback
Measure non-compliances and budget deviations
Plan skills and headcount for scalability
6. Reduce IT risks
Encrypt data at rest and in transit
Test business continuity plans
Log and monitor abnormalities in user activity
Enforce multi-factor and strong authentication
Perform strong due diligence on IT vendors
Detect and patch vulnerabilities
Update software and firewall rules
Install data loss prevention software