As noted in some earlier posts, learning from others’ mistakes is the least painful way of avoiding trouble, provided we can apply those lessons meaningfully in our own circumstances. This latest case study arises from problems encountered in yet another large-scale publicly funded IT project. It offers numerous governance insights, which in my view,… Continue reading IT Governance lessons
An article by WA lawyer Marcus Hodge last week highlighted the tension between the recently implemented mandatory data breach notification requirements and the decision we will each need to make over the coming months regarding whether or not to opt out of Australia’s My Health Record system. The central storage of health record summaries for… Continue reading Privacy, and IT governance
It is more evident than ever before that information technologies are essential enablers of almost all strategic and operational activities undertaken by associations and charities. Equally, we must now acknowledge that cyber-risks and cybersecurity concerns present as significant risks for not-for-profit entities. Recognising this, the importance of addressing IT governance and risk management within your… Continue reading IT Governance (and cyber-risk) in your governance framework – Part 2
Ensuring that your association or charity has established appropriate defences against cyber attack is now a core aspect of risk management. If your organisation has not yet integrated cyber-risk management within your risk management and governance framework, the following checklist may offer some helpful starting points. The issues encompassed in IT risk management and cyber-risk… Continue reading Cyber-risk in your governance framework – Part 1
Even if your not-for-profit organisation does not wish to provide feedback on these drafts, you may find it helpful to review these resources with a view to updating your risk register before the new requirements take effect early next year.