Back

Establish, implement, and maintain Information Technology projects in support of the Strategic Information Technology Plan.


CONTROL ID
13673
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a Strategic Information Technology Plan., CC ID: 00628

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Establish a project management approach commensurate with the size, complexity and regulatory requirements of each project. The project governance structure can include the roles, responsibilities and accountabilities of the programme sponsor, project sponsors, steering committee, project office and… (PO10.3 Project Management Approach, CobiT, Version 4.1)
  • The information security strategy should support the organization's overall objectives by outlining the role of individual Information Security projects in enabling specific strategic initiatives. (SG.02.01.02b, The Standard of Good Practice for Information Security)
  • The information security strategy should support the organization's overall objectives by outlining the role of individual Information Security projects in enabling specific strategic initiatives. (SG.02.01.02b, The Standard of Good Practice for Information Security, 2013)
  • Align the use of AI to the objectives of the organization. The innovative use of new technologies is critical to the viability and health of many organizations and, in those cases, governance will encourage such innovation. Not every project will be strategically important (e.g. some will only reduc… (§ 5.5 ¶ 1 Bullet 5, ISO/IEC 38507:2022, Information technology — Governance of IT — Governance implications of the use of artificial intelligence by organizations)
  • Assessment of alignment with the entity's IT and strategic plans. (App A Objective 12:2c, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Alignment of the formality of the architecture plan and processes with number and complexity of the architecture initiatives. (App A Objective 12:3d, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Alignment with management's defined mission and any strategic initiatives for architecture. (App A Objective 12:1c, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Major projects in process or planned. (App A Objective 4:1 c., FFIEC Information Technology Examination Handbook - Management, November 2015)