Enterprise-wide IT risk will be evaluated through standard policies, procedures, and a governance model to identify appropriate mitigations for the County as an enterprise.
The tradeoffs between business value and risk must be considered at
the enterprise level. Evaluating and communicating acceptable levels
of risk will ensure optimum protection of resources within the
business and the County overall
· Business-specific technology risks will be managed at the appropriate level (e.g., by Governance bodies and working groups such as Cloud Review Committee) in accordance with enterprise-wide standards, policies, and procedures, and escalated to ITMC as appropriate
· Criteria and thresholds will be defined so independent oversight will occur on technology implementation projects.
· The solution architecture process will define the solution that meets the business unit’s acceptable risk standard in balance with other factors, including cost and functionality.