3.1.4 Information Technology Policy and Procedures
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Principle
IT policy and procedures should be defined, approved, communicated and implemented to set member organizations commitment and objectives to IT and communicated to the relevant stakeholders.
Control Requirements
| 1. | IT policy and procedures should be defined, approved, communicated, and implemented. | |
| 2. | IT policy and procedures should be reviewed periodically taking into consideration the evolving technology landscape. | |
| 3. | IT Policy should be developed considering input from relevant member organizations policies (e.g. cyber security, finance, HR). | |
| 4. | IT Policy should include: | |
| a. | the Member Organization's overall IT objectives and scope; | |
| b. | a statement of the board's intent, supporting the IT objectives; | |
| c. | a definition of general and specific responsibilities for IT; and | |
| d. | the reference to supporting IT (inter)national standards and process (where applicable). | |