Top 10 Best Practices to meet IT governance and compliance requirements

Top 10 Best Practices to meet IT governance and compliance requirements

Top 10 best practices to meet governance and compliance requirements are a baseline tat “World Class” CIOs and enterprises all follow.

  1. Understand all existing and proposed regulation and compliance requirement.  This includes industry, state, local, federal and international regulations and mandates
  2. Have clear definition of duties (job descriptions) that meet all infrastructure, security and compliance requirements. These should be well documented and distributed throughout the enterprise.
  3. Continually assess the internal controls of IT that are in place. This requires interaction with both internal and external auditors.
  4. Establish a baseline of IT internal controls – include a definition of baseline policies and procedures that need to be in place in IT function.  Infrastructure policies and procedures must be constantly reviewed and updated.
  5.  Audit compliance to baseline of IT internal controls and governance requirements. All levels of management need to be involved.
  6.  Track access to all “protected” and confidential data. This has to be real time and responsive as the exposure the enterprise faces continues to increase over time.
  7.  Preserve audit data in secure long term storage.  After the fact reviews can not take place unless this occurs.
  8.  Establish and enforce separation of duties and management accountability are key.
  9.  Implement metrics that support the alignment of IT with enterprise requirements. To measure is to modify behavior.  The right metrics need to be in place.
  10.  Implement a function which focuses on implications of new technology on infrastructure and governance of IT.

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.

  • CIO IT Infrastructure Policy Bundle (more info…)All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable
    • Backup and Backup Retention Policy(more info…)
    • Blog and Personal Web Site Policy(more info…) Includes electronic Blog Compliance Agreement Form
    • BYOD Policy Template(more info…) Includes electronic BYOD Access and Use Agreement Form
    • Google Glass Policy Template(more info…) Includes electronic Google Glass Access and Use Agreement Form
    • Incident Communication Plan Policy(more info…)Updated to include social networks as a communication path
    • Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy(more info…) Includes 5 electronic forms to aid in the quick deployment of this policy
    • Mobile Device Access and Use Policy (more info…)
    • Patch Management Policy(more info…)
    • Outsourcing and Cloud Based File Sharing Policy(more info…)
    • Physical and Virtual Security Policy(more info…)
    • Record Management, Retention, and Destruction Policy(more info…)
    • Sensitive Information Policy(more info…)HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form
    • Service Level Agreement (SLA) Policy Template with Metrics(more info…)
    • Social Networking Policy(more info…)Includes electronic form
    • Telecommuting Policy(more info…) Includes 3 electronic forms to help to effectively manage work at home staff
    • Text Messaging Sensitive and Confidential Information(more Info…)
    • Travel and Off-Site Meeting Policy(more info…)
    • IT Infrastructure Electronic Forms(more info…)

IT Infrastructure PoliciesInfrastructure Policy Sample

Author: Victor Janulaitis

M. Victor Janulaitis is the CEO of Janco Associates. He has taught at the USC Graduate School of Business, been a guest lecturer at the UCLA's Anderson School of Business, a Graduate School at Harvard University, and several other universities in various programs.