We work with in challenging environments many of which operate in a complex and demanding regulatory environment. Information Technology is a core enabler of strategy and business development for organisations. Many regulatory authority bodies, e.g. The Central Bank of Ireland (Financial Services) or HSE (Health) require regulatory oversight into operations including IT. An oversight function is placed on management or boards / volunteers to oversee IT without, on occasions the necessary skillset to understand, manage IT providers and information produced. IT Risk Management is a recurring theme in the reports that requires action upon from the Central Bank for credit unions for example.
To consider:
- Does your Asset Register reflect what computers are in the organisation?
- Is the Risk Register populated with Cyber security or Information Technology based risks?
- Do you have an information security policy, or anything to give guidance to the operations of IT?
Taking the headache away of managing IT from staff who have more operational priorities
- Is the Management Team swamped with technology based projects and finding it difficult to project manage them?
- Do your policies reflect actual requirements of the organisation?
- How confident that your business can recover from a cyber incident in terms of business impact and operational functions?
- Is the board aware of their onus with regard to Information Technology Risk Ownership?