Letter from the CEO
September 1, 2022
Dear Clients and Friends,
As part of my monthly “Letter from the CEO” series, I usually try to keep our customers and followers abreast of the latest trends, interests, and occurrences in the field of corporate IT. Typically, these topics have revolved around cybersecurity, compliance and collaboration tools.
We did notice a somewhat different trend within the last several months: IT Governance and IT Organization.
IT Governance means a formal framework that provides a structure for organizations to ensure that IT investments support business objectives.
IT Organization means the actual administrative structure that supports the monitoring and administration of an organization’s Information Technology systems: hardware, software and networks.
An example of IT Governance is a document that states how SharePoint library permissions and naming conventions should be handled in the organization. Another example would be a data retention policy.
An example of IT Organization is a Help Desk ticket flowchart. Another one would be a monthly report of data usage, with timestamp by usage.
Compared to the structure of the US Government system, IT Governance would be the Legislative Branch, and the IT Organization would be the Executive Branch. That leaves the person responsible for IT in the company (usually YOU, the usual recipient of this newsletter) as the master of the Judicial Branch.
Regardless of the idiosyncrasies of how IT is organized, it should be organized. I feel that the current organizational trend is not a fad; it is a natural desire to organize systems that recently, by and large, are in some kind of order, and for which a better order is desired.
Where does one start when such IT Organization efforts are at hand?
The answer is: an IT Compliance Framework.
The one we typically advocate at Sequentur is the NIST Compliance Framework.
NIST (National Institute of Standards and Technology) is a non-regulatory agency under the US Department of Commerce. Its primary role is to develop standards (particularly for security controls) that apply to various industries.
NIST standards are based on best practices. That’s why the government has been recommending them for use by companies and organizations. Among NIST’s standards and guidelines, the most widely adopted is the NIST Cybersecurity Framework (CSF), used for assessing cybersecurity risks. There are also NIST 800-171 and NIST 800-53, which tackle unclassified information.
Even though it is designed for cybersecurity, in our experience, once full NIST compliance is done, there will be no stone left unturned when it comes to the overall organization of IT throughout your organization.
Below is more info on NIST: https://www.nist.gov/cyberframework