Risk Management │Digital Technology
Identify and manage risks associated with technology and digital transformation.
What does good look like? Our guide to creating digital standards and improving your skills, capacity and capabilities.
- ICT governance is an integral part of corporate governance and should be effective, transparent, and accountable. Provide regular reports on ICT risks to key stakeholders, such as the board members, senior management, and relevant regulatory bodies.
- Consider the governance structure in place for managing ICT risks. This might involve an Audit and Risk Committee, dedicated committee, or other similar arrangements. Provide an annual ICT report for review by the relevant committee.
- Clear processes for identifying and assessing ICT risks are in place. This should involve both regular risk assessments and ongoing monitoring to identify new risks as they emerge. In addition to cyber risks the risk register should include technological failures, data breaches, regulatory compliance failures, vendor risks, and risks associated with new technology adoption.
- Strategies are in place to mitigate and prevent identified risks. This might include technological controls, procedural controls, employee training, and the use of insurance. Ensure that the internal control framework includes all aspects of ICT operations and data management.
- ICT should be subjected to periodic independent audit and assurance through:
- General control review audits and application control review audits as part of Annual External Audit
- Internal audit programme
- Penetration testing by specialist provider
- Plans are in place for responding to and recovering from ICT incidents. This includes incident response plans, disaster recovery plans, and business continuity plans. In the event of a data breach, a provider should have a plan for investigating the breach, containing the damage, notifying affected parties, and restoring lost or compromised data.
The Marzipan Way is a framework for managing digital transformation in social housing. One page, one section or the whole set of standards, there is something to learn for everyone.
If you would like to learn more, please contact firstname.lastname@example.org for a free, no obligation conversation.