Book traversal links for 3.1.2 Information Technology Strategy
3.1.2 Information Technology Strategy
No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Versions (3 versions) |
Principle
An IT strategy should be defined in alignment with the Member Organization's strategic objectives and in compliance with legal and regulatory requirements.
Control Requirements
1. | IT strategy should be defined, approved, maintained and executed. | |
2. | IT strategic initiatives should be translated into defined roadmap considering the following: | |
a. | the initiatives should require closing the gaps between current and target environments; | |
b. | the initiatives should be integrated into a coherent IT strategy that aligns with the business strategy; | |
c. | the initiatives should address the external ecosystem (enterprise partners, suppliers, start-ups, etc.); and | |
d. | should include determining dependencies, overlaps, synergies and impacts among projects, and prioritization. | |
3. | IT strategy should be aligned with: | |
a. | the Member Organization's overall business objectives; and | |
b. | legal and regulatory compliance requirements of the Member Organization. | |
4. | IT strategy at minimum should address: | |
a. | the importance and benefits of IT for the Member Organization; | |
b. | the current business and IT environment, the future direction, and the initiatives required to migrate to the future state environment; and | |
c. | interdependencies of the critical information assets. | |
5. | Member organization should identify IT strategic and emerging technology risks that may have impact on the achievement of overall organization wide strategic objectives. | |
6. | Member organization should enhance skill sets and expertise (operational and technical) of the existing resources through providing periodic training on emerging technologies and if required to have the relevant resources on boarded in line with member organization direction towards digitalization. | |
7. | IT strategy should be reviewed and updated periodically or upon material change in the Member Organizations operational environment, change in business strategy, objectives or amendment in laws & regulations. |