Does your organization regularly reevaluate its IT & Security posture? If so, how often?

Strategy & ArchitectureApplications & PlatformsEngineering+18 more

Never16%

Yes, on our 5-year plan29%

Yes, once a year28%

Yes, we constantly question our posture and look for newer, better architectures and solutions20%

Yes, but not regularly - only when a pressing need emerges6%


1294 PARTICIPANTS
5k views17 Upvotes2 Comments
CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees
We tend to update our risk matrix every year to make sure our priorities are still correct. We also have a multi-year security roadmap that lays out the overall trajectory we are on, and that is updated as needed throughout its lifetime, if only to go to the powers-that-be and obtain the funding approval for the next year's tranche of topics. We also semi-regularly bring in outside expertise to perform an overall assessment of our approach to security (organization, priorities, tools...) and ensure we are still reasonably in line with industry best practices.
I find there is a lot of value in these roughly annual updates, but in between we do need to let the teams actually get stuff done without pulling the rug out from under them, so I am not sure it would be very useful to do these kinds of exercices more often, barring of course some sort of major disruption.
Senior devops engineer in Software, 10,001+ employees
yes , it should required for every organisation if its small size or mid size.

Content you might like

Do you have remote employees on your team?

Talent Management & Performance

Yes87%

No12%


10314 PARTICIPANTS
95.7k views253 Upvotes71 Comments

How often do you review and update control mappings?

Security & GRC

Monthly28%

Quarterly43%

Semi-annually19%

Annually6%

Less frequent than annually4%


190 PARTICIPANTS
4.8k views1 Upvote

What are the best practices/architectural patterns one should be aware of when creating Collaborative Environments?

Process Management
Read More Comments
3.4k views6 Comments

What are some best practices, including those commonly used in other companies, for managing contingent workers, especially in terms of tracking and verifying time and pay rates for maintenance and construction work? This includes considerations like tracking level (project vs. task), accuracy verification, using data sources (e.g., security card swipes, GPS tracking), and the digital/self-service aspect (what's the difference on mobile or a web app vs. spreadsheet or paper-based). 

Peer InsightsProcurementEnterprise Resource Planning (ERP)+1 more
6.9k views5 Upvotes

Shared Services Canada (SSC) is a federal Government of Canada (GC) department that provides IT services to other GCs and agencies. In parallel to the implementation of BMC Remedy, SSC is also in the early stages of planning the implementation of SAP S/4HANA to replace many current stand-alone applications. The intent for the SAP implementation is for SSC to be a Solution as a Service (SolaaS). Is there a functioning instance where the implementation of SAP S/4HANA for the Enterprise Business Intake (EBI) process was included as a requirement to handle ITSM-related activities instead of Onyx? Any further information on best practices or lessons learned would also be appreciated.

Applications & Platforms
Engineer in Media, 201 - 500 employees
.
3.1k views19 Upvotes1 Comment