Over the course of the last several years as project manager
I’ve seen an increased interest in data security and this is a wonderful thing.
After several high profile leaks of personal information companies across the
world are finally understanding the need for a practical and deliberate
approach to governing company-wide IT systems. It’s not flashy, it’s not going
to get customers to love you but it is a cost of doing business. On top of that
if you don’t do it, you might not have a business to run if things go wouth. The
quickest way to lose credibility is to be wreckless with something someone else
values – not to mention if it’s something personal – and every person involved
in the EA governance process should know that:
We are steward of the data we collect – we don’t own it.
Adoption of EA processes including an ARB and a robust
governance process is integral to standardizing security controls across a
company. The ARB must perform a risk analysis and vet each and every project
according to its level of risk and complexity. It is imperative that EA team
befriend and work closely with project teams to understand the scope of each
project because EA program should not be involved in day to day project work.
EA should act as gatekeepers at major milestones of the project or at the very
least during the planning and closeout stages of projects. Too much EA
involvement can be as bad as too little.
So keep it simple – where and whenever possible.
No comments:
Post a Comment