3.1.4 Information Technology Policy and Procedures
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 |
Effective from 2021-11-04 - Nov 03 2021
To view other versions open the versions tab on the right
Principle
IT policy and procedures should be defined, approved, communicated and implemented to set member organizations commitment and objectives to IT and communicated to the relevant stakeholders.
Control Requirements
| 1. | IT policy and procedures should be defined, approved, communicated, and implemented. | |
| 2. | IT policy and procedures should be reviewed periodically taking into consideration the evolving technology landscape. | |
| 3. | IT Policy should be developed considering input from relevant member organizations policies (6.8. cyber security, finance, HR). | |
| 4. | IT Policy should include: | |
| a. | the Member Organization's overall IT objectives and scope; | |
| b. | a statement of the board's intent, supporting the IT objectives; | |
| c. | a definition of general and specific responsibilities for IT; and | |
| d. | the reference to supporting IT (inter)national standards and process (where applicable). | |