Law and Technology

Businesses need proactive oversight of IT

April 30, 2015
Print
Text Size:
A A

It may be tempting to delegate all information technology functions to the IT department. However, information technology oversight is not just a task for technology personnel.

Just as business leaders oversee other major risks, they should also be informed regarding the business’ use of information technology. Information technology, or IT, the application of computers and other technology to store, retrieve, transmit and manipulate data and information, can be essential to management of a business.

Although the use of IT has many benefits, including greater data accuracy, efficiency and decreased operational costs, it can also increase risks to privacy and security of information and data. Security breaches or other data losses could significantly affect a business’ operations and reputation and can also expose the business to potential liability. By providing proactive oversight of IT, business leaders can not only reduce risks inherent in the use of IT, but can also increase business value by optimizing resources.

Proactive IT oversight is a big-picture approach to information and data management, through which business needs drive decisions regarding procurement and use of technology solutions and protection of information and data. Business leaders identify strategic objectives, provide direction to align IT use with business strategy and create a system to oversee the use of technology solutions. For example, if a business wishes to focus on minimizing risks to data security, it may wish that tighter controls be used.

Once the objectives have been identified, policies and processes to be followed by employees can then be established. Some relevant policies include a security policy, privacy policy, data breach notification policy, acceptable use policy and procurement policy. The necessity of specific policies will vary depending on a business’ unique needs, but every business should have policies in place that help it identify and understand how technology solutions may be acquired and used in furtherance of business goals, while avoiding creation of unnecessary risk.

Each business should identify an individual or team who will be responsible for implementing the oversight program effectively and efficiently. This individual/team can not only identify applicable legal obligations and other standards, but can also monitor employees’ compliance with policies and report back to business leaders regarding whether objectives are being met.

By setting objectives and priorities and providing proactive oversight, business leaders identify potential risks and plan around them, rather than just reacting to situations that may arise. In doing so, a business can make informed decisions about IT that increases the value of their business, rather than working with a patchwork of solutions purchased without thought to their effects in relation to business’ mission and vision. 

Comments powered by Disqus