Bespoke IT Governance

Corporate Governance of IT is crucial to ensure your business is at the forefront of your core focus. Through EGRA we can build a bespoke IT plan to match your unique operating environment.

With cyber-attacks on the rise, we understand the importance of cybersecurity and the potentially dire consequences that breaches can bring.  Not only can they lead to financial losses and public relations problems, they can disrupt operations, expose an organisation to negligence claims and result in a damaging loss of trust among your customers and employees.

That is why we understand how important it is to develop and manage an IT governance and security roadmap and framework. As you embark on your journey to IT governance and cybersecurity maturity, you need an advisor that not only has deep knowledge of the required people, processes, and technology, but also has broad experience to provide the overarching insight needed to guide you in the right direction.

We can help you take the first steps to complete your IT strategy and cybersecurity assessment, helping to identify areas of potential improvement. Continuing from this, we can extend this journey. We believe we are the right advisor to serve as your guiding light for this important work.

We have the experience of providing cybersecurity and IT strategy services for a number of clients, from large institutions and government entities to smaller entities.

Our process to create and implement formal IT governance:

  • Establish a Framework
    • Define an IT Governance structure based on COBIT, ISO 27001, NIST Cybersecurity Framework or other framework requirements and industry best practices
    • Discuss and define required IT groups and committees
    • Define associated roles, responsibilities and authorities
  • Analyse
    • Review the results of current state analysis to identify gaps in existing IT policies, procedures and standards
    • Identify missing processes that should be adopted
  • Process documentation
    • Update existing policies, procedures and standards based on identified gaps
    • Where required, document new IT processes based on COBIT, ISO 27001, NIST Cybersecurity Framework or other framework requirements and industry best practices
  • Process implementation
    • Discuss and review the new/updated process documents with key stakeholders from respective IT and security departments
    • Incorporate feedback received from the stakeholders
  • Train and knowledge transfer
    • Conduct training on the required framework
    • Conduct training and workshops on updated/new IT processes

Deliverables will include, but are not limited to, the following:

  • IT governance structure
  • Roles and responsibilities
  • RACI matrix
  • Updated IT policies, procedures and standards
  • New policies, procedures and standards
  • Training and workshops

Additional services include the following:

POPI: Consultation to ensure that your organisation is compliant with the requirements of the Protection of Personal Information Act, # 3 of 2013 (POPIA).

ISO27001:  Assisting the client to comply with the requirements of ISO 27001 / 27002, including an automated solution to manage your Information Security Management System.

The complete bespoke solution examines all aspects of your IT environment, from IT management to POPI compliance, to IT asset management. The EGRA bespoke solution will enable you to know the best IT solution for your business planning without compromising the quality of service you need to deliver to your key customers.

Let EGRA help you on your journey to an efficient, secure, and compliant IT infrastructure.

Contact Us


082 887 1770