There are many ways to define a strategy, but from the perspective of an IT organization, a useful approach is to structure it in five sections, each of which answers a key question:
Scope: What part of the organization does the strategy apply to? Any strategy should be clearly scoped in terms of time frame and organizational coverage.
Demand: What is the strategy required to deliver, and how will its success be measured? This section will discuss both technology and business demand issues.
Supply: Which tools, technologies, capabilities, architectures, standards, processes and sourcing partners will the IT organization need to deliver against the demand? Where are the gaps based on current capabilities? What resources (at a high level) will be required to implement the strategy?
Governance: Who owns the strategy, directs it, funds it and so on? What is the process for updating the strategy? What new organizational structures will be required to implement the strategy? For example, will it be a steering committee or an IoT center of excellence (COE)?
Risk management: What are the high-level risks and issues that apply to this strategy, in which consistent policies or technologies crossing multiple projects are needed? In an IoT context, safety, security, regulatory intervention and privacy might be topics addressed in this section of the strategy.