Phase 1: March 2014 deliverables

1. Corporate Governance of and Governance of ICT System

(Developed by adopting the principles and practices put forward in the Corporate  Policy Framework and by adapting their governance system to be in line with the departmental context).

2. Departmental Corporate Governance of ICT Policy

3. Departmental Corporate Governance of ICT Charter

Each department should analyse and articulate its requirements for the Corporate Governance of and Governance of ICT and develop, implement and maintain a related charter which depicts how CGICT will be implemented and managed in the context of the department.

This should enable the creation and maintenance of effective enabling governance structures, processes and practices.It should also clarify the governance of ICT-related roles and responsibilities towards achieving the department’s strategic goals.

4. Terms of reference for the required structures:

  • —ICT Strategic Committee (Executive Committee, Governance Champion and GITO)
  • —ICT Steering Committee (Executive Management, GC, Programme Management and GITO)
  • Architecture Committee (Business, GC and ICT)
  • Risk Committee (Business and ICT)
  • Audit Committee (Business and ICT).

5. Role descriptions and responsibilities for:

  • Governance Champion - a senior manager at least on the level of a Chief Director - to coordinate the development and implementation of CGICT
  • —Enterprise Architect - knowledgeable in the business of the department
  • Government Information Technology Officer – at the executive management level, or equivalent role - responsible for the governance of the ICT unit
  • ICT Manager – responsible for operational management of the ICT unit

6. The Corporate Governance of and Governance of ICT implementation and maintenance plan

7. ICT Legal Register

8. Risk Management Policy
9. Internal Audit Plan (planned ICT audits)
10. ICT Accountability Framework and Management Plan
11. ICT Portfolio Management Framework
12. Information Security Strategy
13. ICT Security Policy

14. Information Security Plan

15. ICT Continuity Plan informed by the Departmental Business Continuity Plan

16.  COBIT 5 EDM1 ICT Governance

17. COBIT 5 APO1 ICT Management

18. COBIT 5 APO2 ICT Strategy

19. COBIT 5 DSS1 ICT Operations

19. COBIT MEA1 ICT Performance