Why is compliance and governance necessary?

IRIS IT | General, Newsletter

One of the central adages of Information Technology is that there should always be one version of the truth. What this means is that systems should measure and control a specific business area, and there should be only one system to do it. This requires governance and control. I remember working for a major resource company, where a manager “decided” to keep and present financial information in an MS Access database. This information was presented all the way to the board. However, as this information was presented without the knowledge or consent of the ICT department, no one spotted that the information was three years out of date. So major corporate decisions were made on flawed data.

In another organization, a ruling was implemented that no one was to use MS Access. I talked to an onsite manager, who had negated this by using code in MS Excel. I indicated to senior management that this was not a good idea. This little system soon became the key system for production, though the manager who wrote it had long since left the company. The same manager that I had warned showed me a quote from the author (of the system) to update it for $500.00 an hour.

Some years ago, I was part of an audit for a major telco. Their governance was so poor that they were paying support on some systems that were discontinued, and not paying for support on others that were business critical. Their first job was to map what systems they had, where they were installed, who owned them and who supported them.

What this has taught me is the importance of governance. All data and processes need to be controlled centrally. Rules about which system controls which business function need to be properly considered and understood. Standards need to be set so that systems do not admit malicious code or grant unauthorized access. This applies not only to ICT systems, but also to the systems that they use (downstream systems). Major data breaches have occurred where the systems themselves were very secure, but the systems they use were not.

IRIS IT helps many of our customers in two stages. The first is to audit the current systems and identify current business risks. The second is to develop a plan to improve governance and control over time. This can be measured against the SA Government's Essential 8 protocols, or any other standards that are relevant for individual organizations.

This is one of the ways that IRIS IT can partner with your business, adding value for your Information and Communication Technology (ICT) systems whilst ensuring that your organization is safe, secure, resilient, and most importantly compliant!

Give us a call at: 0883630371

The last day for reserving your (.au) domain is the 20th of September. After this date, anyone can purchase this domain, which means you will no longer have any ownership or rights over your .au domain. Searches for your business name can be redirected to your competitors, malicious sites or even more reputation-ruining sites.

IRIS IT strongly recommends that you reserve the (.au) domain as soon as possible.

IRIS IT can arrange for the registration of your domain.