Let Aprio perform your next Technology Assessment There are many aspects, components and dependencies to consider when designing or improving a comprehensive technology environment for passing audits or compliance readiness. This framework was created back in 2015, revised in 2017 and improved again in January 2019 to help our clients' leadership, stakeholders and technology management teams understand the breadth of their 'current-state' environment and then help us articulate the many moving targets and critical controls requirements for 'future-state' planning, budgeting, execution, testing, operations hand-off, monitoring and achieving sustainability.

1. Monitoring AProject Charter Planning Execution & Milestone Tracking
Design, Governance, Risk,
Compliance & Process
Mapping, Approach
& Budgeting
Mark S Mahre
Aprio Technology Alignment Framework
ASSESSMENTDISCOVERY
Suitability, Remediate,
Test & Implement
CONTROL
CXO s, CISO, Directors, SME s, Analysts, Project Managers & Consultants
Resources , Timeline,
PMO & Gap Analysis
Sponsors & Stakeholders, Business Owners
Strategy, Requirements
& Roadmap
Business Case
Project Scope
Success Criteria
Requirements
Objectives
Approvals
Project Design
Project Tasks
Risk Assessment
As-Is Assessment
Project Financials
Project Scheduling
Project Kick-Off
Resource Scheduling
Gap Assessment
Future State Mapping
Risk Assessment
Identify Required Controls
Governance & Process
Data & Security Mandates
Change Controls
Authentication
Encryption Controls
IncidentManagement
KPI s & Metrics Goals
GRC & Readiness
Employee Training
Controls Mapping
Systems & Infrastructure
SOP s & Alignment
Operational Effectiveness
Risk Mgmt. Controls Testing
Data Security Monitoring
Ops Review & Enhancements
Dashboards, KPI s & Analytics
Quarterly Leadership Meetings
DESIGN & BUILD TEST & EXECUTE
Controls, Analytics &
Sustainability
Risk Mitigations
Suitability of Design
Data RPO/RTO
DR/BCP Strategy
Remediation Testing
Cloud / Co-Lo Contracts
Mahre 2017
ALIGNMENT
Operations / Cloud
Task % Task % Task % Task % Task % Task % Task %
Business Case Project Requirements Confirm Milestones Project Execution Kickoff Governance Framework Governance Execution Operations Mgmt.
Project Scope of Work Project Plan & Budgets Create Templates Assessment Meeting Critical Controls Testing Critical Controls in Place Risk Mgmt. Controls
Data Security Mandates Risk Assessment Approach Identify Partnerships Employee SOC Intro Meeting Change Controls Tested Change MGMG. Controls Network Monitoring
Success Criteria Defined As-Is Assessment (Gaps) To-Be (Targets) Change Control Process Network Penetration Testing Help Desk System in Place Data Security Monitoring
Road Map (Milestones) Project Financials People/Resources Critical Controls Accuracy Client Data Security Testing System Uptime Reporting SW License Management
Security Mandates Schedule Quarterly Mtg. Readiness Assessment Security Governance Process Network Monitoring Results Cybersecurity & Risk Contracts Management
Approval Signoffs Resource Scheduling System Description Risk Avoidance Governance Cloud Testing Results Data Encryption Reporting DR / BCP Testing
Resources Identified PMO – New Project Information Security Cyber Risk Analysis/Metrics Cloud Monitoring Results Client Satisfaction Surveys Help Desk Mgmt.
Blackout Dates Identified Status Meeting Schedule Employee Handbook Infrastructure & Network Security Awareness Education Final PMO Meetings Provisioning Mgmt.
Project Budget Plan Timeline-Milestones Plan Asset Inventory - CMDB Cloud Stack Review Incident Response Testing DR/BCP 2018 Plan in Place Decommissioning Mgmt.
Contact Legal Rep. Operations Hand-Off Plan Change MGMT. Strategy End-2-End Data Encryption DR/BCP Testing Next Year Planning Cloud / TAM Mgmt.
Identify Stakeholders Communications Plan Building Security Plan HIPAA / PHI Mandates Readiness Reviews Breach Communication Plan FY Budgeting
Technology Strategy Cost Optimization Plan Policies & Procedures Regulations Policies Change Mgmt. Process Availability Mgmt Framework Compliance Readiness
Operations Strategy Project Org. Chart Strategic Sourcing Portfolio Mgmt. Framework Application Mgmt. CMDB Operations Hand-Off Notice IT Finance Analytics
CXO & Leadership CISO CIO COO Legal CFO PMO
Aprio Team Security Team IT Team Operations Team Contracts Team Finance Team Consultants
Month 1 Month 2 Month 3 Month 4 & 5 Month 6 & 7 Month 8 - 11 Month 12
Aprio | Version 25.1 | September 2019