PO6  Communicate Management Aims and Direction
Control over the IT process of ...
defining and managing service levels
    with the business goal
    to ensure user awareness and understanding of those aims
     
      is enabled by
      • policies established and communicated to the user community; furthermore, standards need to be established to translate the strategic options into practical and usable user rules

        and takes consideration

        • Critical Success Factors that leverage
        • specific IT Resources and is measured by
        • Key Performance Indicators

Record of Assessment
Assignment ID: * Enter Name:*
Reference Code: * Enter Location:* Tel. Num: *
Enter Full e-mail Address: *
  Control Objective:

Define and manage service levels. 

CRITICAL SUCCESS FACTORS
Selected Status
Description
*
Policy enforcement is considered and decided upon at the time of policy development
*
A confirmation process is in place to measure awareness, understanding and compliance with policies
*
Well-defined and clearly articulated mission statements and policies are available
*
Information control policies are aligned with the overall strategic plans
*
Management endorses and is committed to the information control policies, stressing the need for communication, understanding and compliance
*
Management is leading by example
*
There is practical guidance with respect to implementation of policies and procedures
*
Diverse attention-catching methods are used to repeatedly communicate important messages
*
Information control policies are current and up-to-date
*
There is a consistently applied policy development framework that guides formulation, roll out, understanding and compliance
*
*
KEY GOAL INDICATORS
*
Percent of IT plans and policies covering mission, vision, goals, values, and code of conduct which are developed and documented
*
Percent of IT plans and policies which are communicated to all stakeholders
*
Percent of the organisation that has been trained in policies and procedures
*
Improved measure of user awareness based on regular surveys
*
Number of policies and procedures addressing information control
*
*
*
*
*
*
*
*
KEY PERFORMANCE INDICATORS
*
Time lag between changes in the IT strategic plan and the IT human resources management plan
*
Percent of IT personnel with completed professional development plans
*
Percent of IT personnel with documented and validated performance reviews
*
Percent of training time per person
*
Percent of critical personnel cross-trained and assigned back-up personnel
*
Number of projects delayed or cancelled due to lack of IT personnel resources
*
Percent of the human resources budget assigned to the development and maintenance of the IT human resources management plan
*
Percent of IT personnel positions with documented job descriptions and hiring qualifications
*
*
*
*
  Conclusions:
* Non-existent 
Management has not established a positive information control environment. There is no recognition of the need to establish a set of policies, procedures, standards, and compliance processes.
* Optimised 
The information control environment is aligned with the strategic management framework and vision and is frequently reviewed, updated and continuously improved. Internal and external experts are assigned to ensure that industry best practices are being adopted with respect to control guidance and communication techniques. Monitoring, self-assessment and communication processes are pervasive within the organisation. Technology is used to maintain policy and awareness knowledge bases and to optimise communication, using office automation and computer based training tools.
* Managed and Measurable 
Management accepts responsibility for communicating internal control policies and has delegated responsibility and allocated sufficient resources to maintain the environment in line with significant changes. A positive, proactive information control environment, including a commitment to quality and IT security awareness, has been established. A complete set of policies, procedures and standards has been developed, maintained and communicated and is a composite of internal best practices. A framework for roll out and subsequent compliance checks has been established.
* Defined Process 
Management has developed, documented and communicated a complete information control and quality management environment that includes a framework for policies, procedures and standards. The policy development process is structured, maintained and known to staff, and the existing policies, procedures and standards are reasonably sound and cover key issues. Management has addressed the importance of IT security awareness and has initiated awareness programmes. Formal training is available to support the information control environment but is not rigorously applied. There is inconsistent monitoring of compliance with the control policies and standards.
* Repeatable but Intuitive 
Management has an implicit understanding of the needs and requirements of an effective information control environment. However, practices are informal and not consistently documented. Management has communicated the need for control policies, procedures and standards, but development is left to the discretion of individual managers and business areas. Policies and other supporting documents are developed based on individual needs and there is no overall development framework. Quality is recognised as a desirable philosophy to be followed, but practices are left to the discretion of individual managers. Training is carried out on an individual, as required basis. 
* Initial / Adhoc 
Management is reactive in addressing the requirements of the information control environment. Policies, procedures and standards are developed and communicated on an ad-hoc, as needed basis, driven primarily by issues. The development, communication and compliance processes are informal and inconsistent.
Settings will expire on: 

(Do NOT edit.) Field set by Form.
Save and E-mail this form. (Saves only "*" fields & sends E-mail to address above):


Maintenance Functions

Note: If using Netscape on a Macintosh you may have to submit twice, the first will fail, or you can push the "Save Changes and/or Set New Expiration" then Submit.