Professional Documents
Culture Documents
Latihan Maturity
Latihan Maturity
Level No
1 1
2 1
3 1
4 1
2
5 1
2
4
DS5 Manage Security
Statement
Establish and maintain a financial framework to manage the investment and cost of IT assets and services through portfoli
Implement a decision-making process to prioritise the allocation of IT resources for operations, projects and main
the enterprise’s portfolio of IT-enabled investment programmes and other IT services and assets.
The practices should support development of an overall IT budget as well as development of budgets for individual progra
emphasis on the IT components of those programmes.
The practices should allow for ongoing review, refinement and approval of
the overall budget and the budgets for individual programmes.
Implement a process to monitor the benefits from providing and maintaining appropriate IT capabilities.
IT’s contribution to the
business, either as a component of IT-enabled investment programmes or as part of regular operational support,
and documented in a business case, agreed to, monitored and reported.
Reports should be reviewed and, where there are
opportunities to improve IT’s contribution, appropriate actions should be defined and taken.
Where changes in IT’s contribution
impact the programme, or where changes to other related projects impact the programme, the programme busin
be updated.
Ya Ya, Ragu-Ragu Ragu-Ragu Tidak, Ragu-ragu Tidak Score
1 0.75 0.5 0.25 0
0
0 0
0 0
0 0
0
0
0 0
0
0
0 0
0
#DIV/0! #DIV/0!
#DIV/0! #DIV/0!
#DIV/0! #DIV/0!
#DIV/0! #DIV/0!
#DIV/0! #DIV/0!
#DIV/0! ###
Determine Technological Direction
Level No
0 1
1 1
2 1
3 1
2
3
4 1
2
3
4
5
6
5 1
6
ne Technological Direction
Statement Ya
1
The organisation does not require the identification of functional and operational
requirements for development, implementation or
modification of solutions, such as system, service, infrastructure, software and data.
The organisation does not maintain an
awareness of available technology solutions potentially relevant to its business.
There is an awareness of the need to define requirements and identify technology solutions.
Individual groups meet to discuss needs
informally, and requirements are sometimes documented.
Solutions are identified by individuals based on limited market awareness
or in response to vendor offerings. There is minimal structured research or analysis of
available technology.
Some intuitive approaches to identify IT solutions exist and vary across the business.
Solutions are identified informally based on the internal experience and knowledge of
the IT function.
The success of each project depends on the expertise of a few key
individuals. The quality of documentation and decision making varies considerably.
Unstructured approaches are used to define
requirements and identify technology solutions.
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0
0
0 0 #DIV/0! #DIV/0!
0
0
0
0
0
0
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0 #DIV/0! ###
DS5 Manage Security
Level No
0 1
1 1
2 1
3 1
4 1
5 1
DS5 Manage Security
Statement Ya
1
Verify that all data expected for processing are received and processed completely, accurately
and in a timely manner, and all output
is delivered in accordance with business requirements.
Support restart and reprocessing needs.
Define and implement procedures for effective and efficient data storage, retention and
archiving to meet business objectives, the organisation’s security policy and regulatory
requirements.
Define and implement procedures to ensure that business requirements for protection
of sensitive data and software are met when data and hardware are disposed or
transferred.
Define and implement procedures for backup and restoration of systems, applications,
data and documentation in line with business requirements and the continuity plan.
Define and implement policies and procedures to identify and apply security
requirements applicable to the receipt, processing, storage and output of data to meet
business objectives, the organisation’s security policy and regulatory requirements.
Ya, Ragu-Ragu Ragu-Ragu Tidak, Ragu-ragu Tidak Score
0.75 0.5 0.25 0
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0 #DIV/0! ###
DS5 Manage Security
Level No
0 1
2
1 1
2
2 1
3 1
2
3
4 1
2
3
4
6
7
8
10
11
5 1
5
6
7
8
10
11
DS5 Manage Security
Statement Ya
1
There is a complete lack of any recognisable IT governance process.
The organisation does not even recognise that there is an issue to be to be addressed; hence,
there is no communication about the issue.
The importance of and need for IT governance are understood by management and
communicated to the organisation.
A baseline set of IT governance indicators is developed where linkages between
outcome measures and performance indicators are defined and documented.
Procedures are standardised and documented.
Management communicates standardised procedures, and training is Dashboards are
defined as part of the IT balanced business
scorecard. However, it is left to the individual to get training, follow the standards and
apply them.
established. Tools are identified to assist with overseeing IT governance.
Dashboards are defined as part of the IT balanced business
scorecard. However, it is left to the individual to get training, follow the standards and
apply them.
Processes may be monitored, but deviations, while mostly being acted upon by
individual initiative, are unlikely to be detected by management.
0 0 #DIV/0! #DIV/0!
0
0
0 0 #DIV/0! #DIV/0!
0 0 #DIV/0! #DIV/0!
0
0
0 0 #DIV/0! #DIV/0!
0
0
0
0
0
0
0
0 0 #DIV/0! #DIV/0!
0
0
0
0
0
0 0 #DIV/0! #DIV/0!
0 #DIV/0! ###