7 Steps to Choosing an IT Governance Model
Mon, Jun 17, 2013 Laura Pelkey
At some point, your business may need to consider (or reconsider) an IT governance model, whether it be for very common PCI (Purchase Card Industry), or another type of compliance. IT governance refers to a set of IT practices that align with your business strategies to ensure compliance and security.
Before you jump into choosing an IT governance model, you must first determine what exactly it is you need from that model. Begin first by considering these 7 key aspects for developing your IT governance model:
1. Figure Out Your Needs
As the saying goes, if it ain’t broke, don’t fix it. But if you want to implement an IT governance model, then there must be something either wrong, or lacking, in your current implementation. Before rushing in to make changes, determine what it is that is and isn't working with your existing model (if one exists), or what doesn't exist that you need. If you don’t know what the problem is, how will you know if you are selecting the right model for your business?
2. Ask Employees for Input
Depending on your position in your business, you may be aware of some problems – but probably not all. As the IT governance model will affect all of your employees, it is important to understand their perspective too. You won’t be able to please everyone, but getting input from employees could expose problems you didn’t know existed.
3. Agree on Concrete Goals
You have figured out issues and have gathered input from employees. Your next step is to determine what do you want to achieve from your IT governance model? Is it some basic guidelines; more stringent, detailed, process-driven rules; or simply a need for upgrading your existing IT security software? Agreement of concrete goals helps prevent miscommunication, budget overspending, and missed unreasonable deadlines.
4. Acknowledge Areas for Improvement
Presumably, part of an IT governance model is to implement or upgrade existing IT security software, and tighten up firewalls for maximum protection. Acknowledging the holes or obsolete areas in your security will help you determine IT security measures and tools that are appropriate for your business.
5. Clearly Define Priorities & Responsibilities
Everyone has a part to play in IT compliance, either by assessing needs, researching IT solutions, or simply following the governance model. But this can only work effectively if:
- the solution itself has been documented fully and clearly,
- responsibilities of the stakeholders have been well-defined,
- and everyone understands and accepts their responsibilities.
By spelling out who does what, you can avoid the old “I thought you were dong to do that” syndrome.
6. Ensure Continued Monitoring & Accountability
The game doesn’t stop once an IT governance model has been implemented. You then need to monitor if both management and employees start to (and continue to) adhere to the model as originally defined.
7. Define a Successful Model
How do you define success – is it simple adherence to the IT governance model; increased IT security; less duplication of work; or simply satisfied employees? Or maybe it is a system that is flexible enough to withstand tweaking when needed? It could be all of those things. Above all, you need to figure out what success means for your business, and when you have, or have not, achieved it.
Need guidance on understandering your staff, management, and IT security needs? iCorps can help you assess existing IT governance models to find the one that best matches your requirements. Simply request a free consultation with an iCorps representative.