By Gerard Blokdyk

ISO 38500 1 big thing: Provide strategic risk guidance for IT projects, including evaluation and recommendation of technical controls.

The big picture: Liaise so that your team identifies system functionality or performance deficiencies, executes changes to existing systems, and tests functionality of the system to correct deficiencies and maintain more effective data handling, data integrity, conversion, input/output requirements, and storage.

Why it matters: Make headway so that your strategy supports enterprise architecture, system operations and systems development, with priority, to ensure information security policy, standards and controls are planned for and effectively implemented.

Be smart: Work with Information Technology to operationalize the requirements of risk and control methodologies in the enterprise Governance, Risk and Controls (GRC) system used across broad stakeholder groups.

Meanwhile: Conduct reviews and analysis of business and information technology processes and solicit (internal) client requirements through interviews, workshops and/or existing systems documentation or procedures.

What they’re saying: “Ensure your workforce is involved in research and analysis of information system issues and trends, and research and development in a technical discipline/field.” - Technical Project Manager

On the flip side: Make headway so that your organization participates in information security committees through the IT Governance framework to establish organization-wide security policies, verify compliance, and advance security goals and objectives.

How it works: Make sure your organization ensures architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards and guidelines.

Yes, but: Develop a go-forward strategy to evolve the TPRM program and continue to develop and oversee a third-party risk governance structure that ensures that all business owners and third parties that expose the organization to compliance, credit, information security, offshore, operational, and strategic risk follow appropriate controls.

State of play: Establish that your company is responsible for your organization's information security strategy/programs, daily operations, goals and objectives by developing and monitoring security standards and best practices for your organization.

What we’re hearing: “Develop annual information security governance and policy roadmaps including major policy lifecycle milestones and communicate to key stakeholders to ensure commitments are anticipated.” - Service Support Manager

Between the lines: Apply an enterprise-wide set of disciplines for the planning, analysis, design and construction of information systems on an enterprise-wide basis or across a major sector of the enterprise.

The backdrop: Check that your staff evaluates and recommends information technology strategies, policies, and procedures by evaluating organization outcomes, identifying problems, defining risks, evaluating trends, and anticipating requirements.

The bottom line: Be certain that your staff provides oversight for the development of information systems testing strategies, plans or scenarios working with stakeholders and Test and Software Quality Assurance Services representatives.

What’s next: Make sure your team coordinates tracking of all relevant information on drivers, such as license status, traffic tickets, accidents and other risk and safety related data.

ICYMI: Develop experience conducting verification and validation (V and V) over information security control remediation activities to determine extent to which such efforts are successful in resolving control weaknesses/audit findings.

