Indicators of Good Practice
The following documents and processes would indicate that an institution has taken a considered approach to defining the structures that support IT and information systems:
- Documented policy detailing the rights and responsibilities relating to devolved IT and information systems (e.g. purchasing guidelines, guidelines related to attaching equipment to the network, regulations on physical and digital security, etc.)
- Periodic reviews of services and systems which consider the mix of centralised and devolved responsibilities.
- Periodic reviews of the support structures of information systems and technologies to ensure their continued appropriateness