Background: With over 850 business units globally, this decentralized IT function needed to establish formal IT governance standards and guidelines as part of its Enterprise Risk Management program.

CTS Impact Solution: Using the COBIT / ITGI standard framework as a best practice, CTS Impact performed the following:

  • Conduct risk assessment
  • Develop and document IT policies and guidelines
    • Disaster recovery and business continuity
    • Physical, environmental and system security
    • Access controls
    • IT operations
    • Change management – applications and technical infrastructure
    • Data management
    • SLA compliance
  • Monitor and review compliance
    • Coordinate self-assessments on an annual basis
    • Perform testing of high-risk business units
    • SOC 1 review of significant third-party providers