ICT CRISIS – Now, who’s responsible?

Another day in IT – another crisis …


Some ransomware, data breach, insider threat or new TLA (three-letter acronym) that poses a risk to your corporate information systems and assets.


So the question becomes: WHO’S RESPONSIBLE?


Principle 12 of the King IV report states that:

“the Governing Body (of an organisation) should govern technology and information in a way that supports the organisation in setting and achieving its strategic objectives.”


The report emphasises that information should be recognised as a corporate asset and confirms the need for governance structures to protect and enhance information in line with POPI requirements…


As the CIO of Pfortner, I start by looking at who knows, understands and can correctly respond to situations such as a critical data loss. We deal with very sensitive customer information and this data lifecycle must be managed closely to ensure we act in the best interest of our clientele. However, when things go wrong our entire management team must own up and say – we’re accountable and responsible and we have taken every step we can prior to this incident taking place.


All too often the CIO is singled out and punished; some have even “fallen on their own sword” after an incident, even when they were clearly managing multinational enterprise organisations.


This cannot be right?


Technology governance and security have become critical issues. Technology is no longer simply an enabler; the systems created and used by an organisation provide the platform on which it does business.

Technology is now part of the organisational DNA. Thus, the security of information and systems has become critical.


Technology governance and security should become another recurring item on the governing body’s agenda.


So my question to you:

“Is security and governance part of your standing board / exco meetings?”