IT Governance

Our approach

Our philosophy is that good governance implicitly shapes good architecture and quality implementations. It should remove red tape while maximising the re-use of existing investments, ease of use and trust in the accuracy of data held in IT systems.

We focus on policy, process and systems designed to improve three key domains:

  • Compliance;
  • Business continuity;
  • Efficiency.

Our high-level process is to:

  • Assess existing policies, processes and systems related to these areas organisation-wide, discovering gaps and opportunities;
  • Provide ISO 38500-aligned recommendations (assess, direct and monitor) addressing gaps, decreasing risk and complexity, and improving financial performance;
  • Provide technical integration and automation services designed to optimise and reliably support policy and process.

Standards and frameworks we use:

  • AS ISO/IEC 38500:2016;
  • ASD Essential Eight;
  • Vendor best-practice;
  • Domain best-practice.
  • ITIL; 1
  • Prince2. 1

As a Microsoft Partner, we specialise in leveraging Microsoft technologies across these domains.

1 Technical services only.

Compliance

Within the broad domain of compliance, our speciality is in reducing IT-related risk through extending beyond policy and practices into technology-enforced compliance.

Activities include:

  • Assessing data maturity and governance;
    • Custodianship;
    • Sources of truth;
    • Data classification and pre-approved usage scenarios;
    • Consolidated data schema;
    • Data dictionary;
  • Assessing data sovereignty (cloud only);
  • Assessing how well organisational policy compliance is facilitated by process and systems;
  • Assessing how well security best practice is effected across policy, process and systems;
  • Identify where technology can enforce compliance;
  • Recommendations for monitoring compliance.

In-scope systems and platforms:

  • Automation
    • Microsoft Azure Automation;
    • Microsoft Azure Logic Apps and Functions;
    • Microsoft Windows group policy;
    • PowerShell;
  • Data repositories
    • Microsoft Azure SQL (Database and MI);
    • Microsoft Dataverse;
    • Microsoft SQL Server;
    • Oracle Database;
  • ERP, HR, payroll and finance platforms;
    • Identity management
      • Microsoft Identity Manager;
      • Microsoft Entra Connect (Azure AD Connect);
      • Microsoft Entra Cloud Sync;
    • Microsoft Entra ID (Azure Active Directory)
      • Role-based access;
      • Conditional access policies;
      • Privileged access management;
    • Microsoft Intune
      • Application management;
      • User and device policy;
    • Microsoft System Center
      • Configuration Manager:
        • Application management;
        • Desired state configuration;
        • User and device policy;
      • Operations Manager:
        • Real-time reporting and alerting;
      • Service Manager:
        • Integrated ITIL incident, problem and change management, and aggregated service reporting;
    • Microsoft Windows Active Directory
      • AppLocker (application security);
      • Certificate Services (PKI);
      • Directory Services;
      • Group Policy.

    Business continuity

    We evaluate business continuity across multiple domains:

    • Network, hardware and application resilience;
    • Service contracts and licencing;
    • Staff contingency.

    Our objectives are to ensure that:

    • Critical services are made highly-available where possible;
    • Applications are recovered into a working state;
    • Service contracts and licencing align to business-defined performance, availability and recovery point (RPO) and time (RTO) objectives.

    In-scope systems and platforms:

    • Data repositories
      • Microsoft Azure SQL (Database and MI);
      • Microsoft SQL Server;
    • Disaster recovery
      • Microsoft Azure Backup;
      • Microsoft System Center Data Protection Manager;
    • Identity management
      • Microsoft Identity Manager;
      • Microsoft Entra Connect (Azure AD Connect);
    • Microsoft Windows Active Directory:
      • Certificate Services (PKI);
      • DNS;
      • Directory Services;

    Efficiency

    We evaluate efficiency across multiple domains:

    • Policy and process;
    • Complexity;
    • Redundancy;
    • Scalability;
    • Financial.

    Our objectives are to ensure that:

    • Policy and processes remove red tape and are readily re-usable;
    • Complexity is minimised through appropriate vendor and technology consolidation;
    • Redundancy, such as duplicated manual administration is removed using policy-aligned integrations and automation;
    • Systems and data is trusted;
    • The right balance of consolidation versus de-centralisation (think user self-service) exists, promoting responsiveness, accurate data and scalability;
    • Licencing is fit-for-purpose and duplicated paid-for functionality (think multiple back-up methodologies) is eliminated.

    In-scope systems and platforms:

    • Automation
      • Microsoft Azure Automation;
      • Microsoft Azure Logic Apps and Functions;
      • Microsoft Windows group policy;
      • PowerShell;
    • Data repositories
      • Microsoft Azure storage resources;
      • Microsoft Azure SQL (Database and MI);
      • Microsoft SQL Server;
    • Disaster recovery
      • Microsoft Azure Backup;
      • Microsoft System Center Data Protection Manager;
    • Identity management
      • Microsoft Identity Manager;
      • Microsoft Entra Connect (Azure AD Connect).
      • Microsoft Entra Cloud Sync.