Establish and maintain an Information Technology steering committee.


CONTROL ID: 12706
CONTROL TYPE: Human Resources Management
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain high level operational roles and responsibilities., CC ID: 00806

This Control has the following implementation support Control(s):
  • Assign the Information Technology steering committee to report to senior management., CC ID: 12731
  • Convene the Information Technology steering committee, as necessary., CC ID: 12730
  • Assign reviewing investments to the Information Technology steering committee, as necessary., CC ID: 13625


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Since information security affects all aspects of an organization, in order to consider information security from a bank-wide perspective a steering committee of executives should be formed with formal terms of reference. The Chief Information Security Officer would be the member secretary of the Co… (Information Security Committee ¶ 1, Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising of key business and ICT executives, which meets formally and on a regular basis. (Security Control: 0725; Revision: 2, Australian Government Information Security Manual, March 2021)
  • The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising of key cyber security and business executives, which meets formally and on a regular basis. (Control: ISM-0725; Revision: 3, Australian Government Information Security Manual, June 2023)
  • The CISO coordinates cyber security and business alignment through a cyber security steering committee or advisory board, comprising of key cyber security and business executives, which meets formally and on a regular basis. (Control: ISM-0725; Revision: 3, Australian Government Information Security Manual, September 2023)
  • The organisation should appoint an ICS Information Security Officer (ICS-ISO) to meet the special requirements in the field of industrial control and to include the security organisation from the field of industrial control in the overall ISMS. The ICS-ISO should be a member of the IS Management Tea… (§ 4.7 ¶ 4, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • The IS Coordination Committee should reflect the various fields of tasks of an organisation. The IS Coordination Committee should include at least the following roles: a person responsible for IT, the Information Security Officer and representatives of the user. As frequently personal data also are … (§ 4.8 Subsection 1 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • To provide consistent, effective and secure technological solutions enterprisewide, establish a technology forum to provide technology guidelines, advice on infrastructure products and guidance on the selection of technology, and measure compliance with these standards and guidelines. This forum sho… (PO3.4 Technology Standards, CobiT, Version 4.1)
  • Oversight of the IT environment. (App A Objective 2:9c Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Delegates monitoring for specific IT activities, as appropriate, to a steering committee. (App A Objective 2:3 a., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • If the board delegates certain activities regarding the oversight of IT to a committee, review the membership, responsibilities, and activities of the committee. Specifically, determine whether the committee does the following: (App A Objective 2:6, FFIEC Information Technology Examination Handbook - Management, November 2015)