IT governance GOVN
The establishment and oversight of an organisation's approach to the use of information, digital services and associated technology. Includes responsibility for provision of digital services; levels of service and service quality which meet current and future business requirements; policies and practices for conformance with mandatory legislation and regulations; strategic plans for technology to enable the organisation's business strategy; transparent decision-making, leading to justification for investment, with appropriate balance between stakeholder benefits, opportunities, costs, and risks.
The creation, iteration and maintenance of a strategy in order to align IT plans with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities and monitoring of progress.
The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices and training to promote compliance with legislation regulating all aspects of holding, use and disclosure of data.
Typically within a large organisation in which the information strategy function is devolved to autonomous units, or within a collaborative enterprise of otherwise independent organisations, the coordination of information strategy matters where the adoption of a common approach (such as shared services) would benefit the organisation.
Information security SCTY
The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.
The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence.
The validation and analysis of significant volumes of data, including the ability to discover and quantify patterns and trends in numbers, symbols, text, sound and image. Relevant techniques may include statistical and data mining algorithms and machine learning methods such as rule induction, artificial neural networks, genetic algorithms and automated indexing systems.
The evaluation and application of different publishing methods and options, recognising key features, including open source and proprietary options. The management and tuning of the processes that collect, assemble and publish information, including in unstructured and semi-structured forms, for delivery to the user at the point at which it is needed. The management of copyright, data protection and other legal issues associated with publishing and re-use of published information and data.