Technology Risk Management

Enterprise-wide IT risk will be evaluated through standard policies, procedures, and a governance model to identify appropriate mitigations for the County as an enterprise. 

 

Rationale:

The tradeoffs between business value and risk must be considered at the enterprise level.  Evaluating and communicating acceptable levels of risk will ensure optimum protection of resources within the business and the County overall
 

Implications:

· Business-specific technology risks will be managed at the appropriate level (e.g., by Governance bodies and working groups such as Cloud Review Committee) in accordance with enterprise-wide standards, policies, and procedures, and escalated to ITMC as appropriate

· Criteria and thresholds will be defined so independent oversight will occur on technology implementation projects.

· The solution architecture process will define the solution that meets the business unit’s acceptable risk standard in balance with other factors, including cost and functionality.