There are plenty of successful examples where an ICT shared service model is working and delivering the desired outcomes. However, bringing together different organisations, cultures, people and information systems is not for the faint hearted. There have been a number of failed or unsuccessful ICT Shared Services projects in the last 10 years. The failures can be attributed to a range of factors such as; a reluctance to lose sovereignty and power by the parties involved, a poorly devised business case, planning and setting overly ambitious expectations about the benefits to be gained from the project being just some examples.
Getting the foundations right for an ICT Shared Services model means IT Security Policies & Procedures need to be addressed early in the exercise. In doing so one can start to develop a positive IT security culture with clear accountabilities. With a mature understanding of managing risk and responsibility an organisation can function effectively and support the delivery of services.
Typically, we see a working group is formed to develop a draft model ICT Security Policy for use by the partnering organisations. However, this can be time consuming and challenging as different partners may have differing views on what is appropriate, based on their previous governance culture. Juggling day to day priorities may see people struggling to stay engaged in the modelling exercise and the level or quality of input from partners is therefore likely to vary.
The ideal outcome should be that the working group ultimately delivers a comprehensive set of well-defined ICT security policies. Having well defined IT policies and procedures that can be communicated to staff, reviewed and updated regularly to keep up with changes in the environment should include:
- Providing a security and acceptable use framework for the partner organisations
- Helping to protect the information systems and information assets of those organisations
- Providing a uniform level of control and guidelines for management
- Disseminating one information security message to all
- Communicating the IT security and acceptable use policies and guidelines to users
- Assisting with staff issues relating to the misuse of the technology or the information
- Providing a benchmark for monitoring and measurement compliance
- Meeting internal obligations of auditors and risk managers
When multiple entities move to forming a partnership, getting consensus on what will ultimately comprise a draft or final collection of policies to meet the above criteria will require a significant investment in time. Ensuring the policies are well worded, easy to understand and compliant with current standards (ISO, PCI, PSN) will extend this time commitment.
Protocol Policy Systems works with organisations moving to an ICT Shared Services model to objectively develop and deliver their immediate and future policy requirements. Our Consultants, IT Policy Management as a Service and methodology can deliver a result in under 8 weeks (elapsed timeframe) thus avoiding a very laborious time-consuming exercise. The policies are developed and tailored to meet each customers’ business requirements with automatic mapping to current standards.
Consolidating policies into a newly branded easy to reference environment should deliver some or all of the following outcomes:
- Bring together the stakeholders during the crucial first phase of delivery.
- Provide an early win for the fledgling operation.
- Personnel will think and act in a more security-conscious way.
- A reduction in each participating organisations’ security risk posture.
- Better enablement for the secure delivery of services.
- Ensure a stable foundation for future review.
To discuss how Protocol Policy Systems can help you get the foundations for an ICT Shared Services Initiative off to a positive start contact Emma Tickner.
To view our brief demonstration video, Click Here.