Data Protection Governance IT

www.yourlegalconsultants.com
info@yourlegalconsultants.com
Data protection: Governance IT
Key Questions

GOBERNANCE IT: KEY QUESTIONS Free information
1. COMPUTER SYSTEMS
2. PROCESSES AND USERS
3.SERVICE PROVIDERS
4. COMPUTING PROCECEDURES CHECK IN
5. PRODUCTIVITY
6. COMPUTING AND COMMUNICATION SYSTEMS PLAN
7. INTERNAL AUDITS
8. SECURE ENVIRONMENT
DOCUMENTS FOR GOVERNANCE IT Payment required
9. PROCEDURE DOCUMENTS

GOVERNANCE IT
Free information

1. COMPUTER SYSTEMS
1. Do you believe that your company's computer system caters to its needs?
In addition to providing the necessary functionality, a computer system must transmit a sensation of service efficiency, and
should never be an obstacle to the creativity of its users.
2. Do your computer systems require ongoing attention?
The organisation's computing must be looked after as one of the pillars on which the business is founded.
3. Do your computer systems require urgent repairs?
Emergencies are only acceptable when they entail the take-up of new business needs. Anything else is a lack of foresight.
4. Do you believe that the amount of faults with the Computing Systems is excessive?
If your systems are affected by an excessive level of faults, then a rethink on the investment in this regard is needed, either on
grounds of depreciation or design.
5. Do you believe that your company's computing systems adapt to computing trends?
Information systems must provide stability, functionality and scalability. Scalability is what will enable investment to be
modulated in accordance with increased needs.

2. PROCESSES AND USERS
1. Are users happy with the service provided?
If the systems are unable to generate well-being and functionality for end users, it is because they are badly designed, because
the reason for their existence is precisely that.
2. Are work procedures excessively monotonous and routine?
A user environment that is unfriendly and unintuitive leads to users becoming easily tired, which in turn causes a level of
listlessness that few organisations could allow.
3. Do users complain about the computing processes?
Receiving generalised complaints concerning the obligations generated by this or by that process implies, as well as a poor
design, that most users are predisposed towards an improvement.
4. Are there training manuals and plans covering the use of systems?
It is not possible to set up systems and procedures without the mandatory training of users that are to receive them. Neither
should these be designed without consultation with users.
5. Do users habitually complain about the systems?
If your users are complaining about the systems it is because the organisation still has time to adopt measures in this regard.

3. SERVICE PROVIDERS
1. Do you believe that your IT service provides sufficient assistance?
The organisation’s IT service must have the means required to comply with its obligations, as well as an appropriate
methodology for handling incidents and changes.
2. Are users happy with the response times to incidents?
Almost invariably, a delayed response to incidents is almost always due to methodological failures or a lack of resources.
3. Are users happy with the way in which incidents are resolved?
Lack of an appropriate methodology to resolve incidents leads to a feeling of instability for recipients of the service.

4. COMPUTER PROCEDURES CHECK IN
1. Are the computing procedures checked?
Setting up checks on the organisation’s key computing procedures represents a further step in stabilisation of systems
environments, generating a feeling of security that is proportional to the standards employed.
2. Do you believe these checks are sufficient?
The sensation of insufficient control is generally perceived through lack of security guarantees, which are usually due to
downtime, the integrity or inviolability of data.
3. Does your organisation have a development environment that is separate from the production one?
The preparation of new systems must always be carried out separately from the production systems, reproducing a working
environment that is as faithful as possible, to avoid service being affected.
4. Do solutions to technological problems take forever?
The first sign that systems are reaching the level of obsolescence is the failure of the standard channels in resolving incidents,
generating delays that lead to more staff time spent and, therefore, directly affecting the system’s profitability.

5. PRODUCTIVITY
1. Do you believe your employees’ productivity is too low?
Aside from personalised character considerations, in those environments that depend on technological tools, the
inappropriateness of these tools invariably leads to a fall in productivity.
2. Is productivity lower with regard to the rest of the market?
Occasionally, the inappropriateness or the obsolescence of systems put organisations at a disadvantage with regard to their
rivals. This makes it necessary to carry out palliative or costly investments, depending on the diagnosis.
3. Is there a high rate of work-related stress?
The difficult situation that companies occasionally experience causes high levels of resistance to change, making their
application more complex and, therefore, excessively affecting the mood of individuals.
4. Do you believe your organisation is losing credibility?
A company starts to lose credibility at the time when the growing difficulties to perform their tasks are perceived by the
market. Any change which, on being designed and applied, does not consider the objective adaptation of computing systems
will contribute to this trend.

6. COMPUTING AND COMMUNICATIONS SYSTEM PLAN
1. Do you perceive structural and functional disorganisation?
The ladder of responsibilities for the information systems reproduces the scaling of needs for the rest of the organisation. A poor design in this
regard will lead to a lack of coordination and poor service.
2. Do you perceive a risk of Operational, Technology and Information insecurity?
You need to have the elements required to control the information systems in an orderly manner and with the direct support of company
management.
3. Are the deadlines for periodic results being met?
Instability and lack of proper work methodology lead to recurrent problems. You must also ask yourself whether what is requested is, simply,
possible.
4. If there are Computing and Communications Systems Plan?
Organisations need to have a systems plan adapted to each year, which provides the maximum forecast with regard to investment, and with
priorities marked in accordance with the importance of the assets used.
5. Is the planning being properly complied with?
Non-compliance with planning is either down to an excessively changing environment or to an insufficient forecast.

7. INTERNAL AUDITS I
1. Do you believe that information technology helps you to take operating decisions at your organisation?
If this is not the case, either you do not need it or proper use is being made of the same.
2. Do you carry out internal audits of communications and system?
The only way to be aware of the ‘state-of-the-art’ at an organisation's headquarters is by carrying out internal or external
audits of its systems. These audits should be carried out considering the service life and with full tracking of each business
process, applying proven and critical methodologies to the systems under analysis.
2. Are they used to repair faults?
The main objective of a systems audit lies in its capacity to detect the needs and faults of the system and to propose the best
possible solution taking the audit as a whole.
3. Is there a certain lack of coordination in decision-taking?
Decisions that are not coordinated with other affected departments lead to an exponential increase of the effects of the faults
generated, as it will not be applicable overall.
4. Do the information systems cause significant budgetary deviations?
Lack of a clear method to analyse needs leads to budgetary instability and forces the minimum investment, making it
impossible to carry out a stringent needs-analysis.

7. INTERNAL AUDITS II
5. Do you believe the costs of your systems are excessive?
When costs are excessive, the reason usually lies in the increase of maintenance actions and maintenance costs through
obsolescence or over-depreciation, or because the investment has been oversized.
6. Is there a Contingency Plan?
The contingency plan provides continuity to the key business processes in the event of a catastrophe. Whether or not one is
required depends on the nature of the products and services provided to customers.
7. Do users complain that decisions from Management with regard to Information Technologies are ineffective?
The answer to this question is a further question: Do you have the means necessary and the appropriate methodology to
produce the appropriate decisions?
8. Do the Information Technologies represent a part of the organisation's daily life?
Nowadays, virtually all organisations are more technical from an information technology point of view. If the organisation
perceives Information Technologies as a further work tool and uses them reasonably, this represents an indicator of the level to
which systems are adapted, the level

7. INTERNAL AUDITS III
9. Do you believe the costs of your systems are excessive?
When costs are excessive, the reason usually lies in the increase of maintenance actions and maintenance costs through
obsolescence or over-depreciation, or because the investment has been oversized.
10. Is there a Contingency Plan?
The contingency plan provides continuity to the key business processes in the event of a catastrophe. Whether or not one is
required depends on the nature of the products and services provided to customers.
11. Do users complain that decisions from Management with regard to Information Technologies are ineffective?
The answer to this question is a further question: Do you have the means necessary and the appropriate methodology to
produce the appropriate decisions?
12. Do the Information Technologies represent a part of the organisation's daily life?
Nowadays, virtually all organisations are more technical from an information technology point of view. If the organisation
perceives Information Technologies as a further work tool and uses them reasonably, this represents an indicator of the level to
which systems are adapted, the level to which users are trained and the level to which management is involved in IT
management.

8.SECURE ENVIRONMENT
1. Do you know what it would cost if your business systems stopped running?
You must remember that the downtime of systems has an impact not only on revenue from the time it occurs; you must also
seriously consider the consequences of system reliability with regard to future customers. A high production environment must
have an appropriate contingency and business continuity plan.
2. How long could your organisation survive without communications?
If you've got this far, the answer is “0”. Communications require the appropriate level of redundancy, if possible, with a range
of suppliers and service technologies.
3. Do you have a secure environment for your hub systems?
The conservation of central service systems is essential for business continuity. The availability of central systems and
communication systems in a secure environment (Data Processing Centre or DPC) is essential. There are therefore solutions
adapted to the needs of all levels.

GOVERNANCE IT DOCUMENTS
Payment required

9. GOBERNANCE IT DOCUMENTS
Key points in implementing governance IT
Procedure documents

Thank you for your interest
governanceIT@yourlegalconsultants.com
For personal queries, please contact:

Data Protection Governance IT

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Data Protection Governance IT

Similar to Data Protection Governance IT (20)

More from Cristina Villavicencio

More from Cristina Villavicencio (20)

Data Protection Governance IT