Establishing a complete IT control framework within an organization is long-term work that cannot be done overnight. It should proceed in stages, from basic to advanced and from easy to complex, so that IT eventually becomes the core competitiveness of the organization.
Phase 1: IT planning and architecture design
The goal of this stage is to build the information infrastructure and an IT platform that supports business operations, and to establish a sound technical framework and management processes.
2. Major measures
The measures taken in the first phase are as follows:
• Investigate business processes, identify the key ones, and conduct preliminary modeling.
• Establish a standard data system for the company's business activities, with the ability to quickly identify new business requirements and model them.
• Review the business strategy, set the IT vision and objectives, carry out IT planning and architecture design, and establish standardized IT technical standards and management standards.
• Set up a project management and supervision system to analyze and control project performance.
• Set up an internal staff training system and train all staff.
Phase 2: Improving IT governance, initial control
The goal of this stage is to establish the IT risk control system under the guidance of the overall governance framework to provide a reliable guarantee for the operation of the business system.
2. Major measures
The measures taken in the second phase are as follows:
• Establish an IT Governance Committee and improve the IT decision-making mechanism and the responsibility framework, so that the IT strategy is integrated into the organization's business strategy and IT becomes a regular agenda item for top management.
• Divide security domains, identify information assets, conduct risk assessments, and establish an information security system in accordance with ISO 27001 to protect the confidentiality, integrity and availability of information assets.
• Establish an IT service management system in accordance with the ITIL specification to ensure reliable delivery of the organization's IT services and to improve operational performance and customer satisfaction.
• Improve the organization's software development process and software quality in accordance with CMMI standards.
• Establish a business continuity plan (BCP) to ensure that the organization's business and IT can continue to operate in the event of a major disaster.
Phase 3: Resource synergy, comprehensive control
The goal of this stage is to achieve effective resource coordination, provide reliable support for business activities, deepen IT risk control, and achieve the full integration of application systems and security systems.
2. Major measures
The measures taken in the third phase are as follows:
• Establish a unified application platform so that IT resources work in synergy, providing a flexible and reliable support platform for existing and new business.
• Establish a unified security platform and an effective application control mechanism to achieve full integration of application systems and security systems.
• Improve the IT service management mechanism to further raise customer satisfaction with IT services, and manage IT services quantitatively.
• Sort out all IT processes and establish a standardized IT process control framework in accordance with COSO and COBIT, defining the KPIs, KGIs and CMM levels of each process, to form a complete process control system.
• Establish an information system audit system to ensure the efficiency and effectiveness of IT systems from an independent and objective point of view.
• Establish a scientific performance appraisal system for the IT organization, personnel, processes and projects.
Phase 4: Business innovation, improved control
The goal of this stage is to achieve a high degree of integration between IT risk control and enterprise risk control, so that IT strategy becomes an important part of corporate strategy and IT creates new competitive opportunities for the enterprise.
2. Major measures
The measures taken in the fourth phase are as follows:
• IT strategy becomes an important issue for the decision-making layer; IT participates in enterprise process reengineering and can create new profit growth points for the enterprise.
• Provide high-quality IT services for the whole organization and build an IT shared service center.
• IT becomes a profit center, with accounting for IT.
• IT control is further improved, IT risk control and corporate risk control become highly integrated, and a good corporate culture of information security takes shape.
In short, establishing an IT risk management framework is an effective way to control IT risk and to ensure that the organization achieves its business objectives. The IT risk control process described above is a general method distilled from many years of research and practice by different organizations establishing controls; each organization should also apply it flexibly, according to its own actual conditions.