In the current Digital age, the IT estate is not just a critical asset in an IT enable – a data driven business model. It is rather a foundational element on which business models are built. So, while we invest time to draw out an organisation vision and mission statement to set out a chartered path for growth and development, an IT charter to build, manage and engage the IT estate will lead to successful business model.
While the IT estate is at the core of driving the business, maintaining an IT estate like a support function is simply undermining its potential. The operational approach taken for managing IT like a support function has only led to two things – the IT team not keeping pace with the changes in technology and the business struggling to see value in its IT investments (ROI).
And, that’s why the IT estate requires clear visioning, governance, visibility and representation within all business verticals seeking to source and benefit from it.
What is cyber visioning?
It is an ambition statement. It should set the context for what the organisation intends to achieve through its IT estate. It should provide the guidance and context for all decisions henceforth – investments, development, acquisitions, trade – offs, etc. – should be organic and true to the vision statement. An ideal vision statement is short and precise, the simple thumb rule is one should be able to explain the vision to anyone anywhere (analogous to an elevator talk)
What is the context for a Cyber Vision Statement?
Organizations (Governmental agencies, Non-profit organizations, Defense establishment, Commercial entity etc.) are driven by their respective organizational goals. All activities carried out by the organization is required to align and contribute toward realization of the organizational goals. And such goals as derived from the Organization’s Vision and Mission when run by a digitally enabled (or dependent) infrastructure, the digital capability plays a foundational role in realization of the organizational goals. Hence Cyber Vision is an essential of the Organizational vision and Mission.
Who are the owners, implementer and users for an Organisation’s Cyber Vision?
As with any mission and vision of an organization, the ownership for Cyber Vision requires representation from all units within the organization.
- The Board of directors set the “Tone at the top” by defining and endorsing the Cyber vision.
- The C – suite takes the accountability as applicable to their respective departments.
- SMEs shall define the playbooks as per the business goals, the regulatory requirements and compliance requirements. The SMEs will be responsible to evaluate the relevant tools and technologies.
- Operational teams shall implement and operationalize the workflows as per approved the approved playbooks.
- Each individual user is required to execute as per their defined roles and responsibilities.
Who should measure it?
Usually, GRC (Governance- Risk – compliance) or its equivalent is the corporate level entity which takes cognizance of the organizational goals and sets the parameters for tracking the goals. The GRC team reports into the management (Board of Directors) on the parameters which impact and/or likely to impact the Organization Goals.
Cyber visioning is one such parameter which is need to a critical oversight by GRC team or equivalent by identifying the measures to be put in place to align with the overall cyber vision. This shall ensure the vision is truly fulfilled and realized with purposeful action. The periodic report from the GRC team acts as a feedback to the management to obtain assurance and identify the areas requiring course correction for realization of the cyber vision which in turn should feed into the Organizational Mission and Vision.
How is it sustained?
As in case of the ownership, sustenance is the responsibility of each individual associated with the organization. Organizations can successfully realize their organizational goal, if and only if, the entire organization resonates as a single unit to adopt to the realization of the organizational goal as the culture of the organization.
By defining a cyber vision, we are changing the role and the meaning of technology in a business set up. An IT estate is not just a tactical solution to solve a business problem but a strategic roadmap to achieve greater business performance. And writing a purposeful and measurable vision statement is the first step in that direction.