CenITex, the Victorian Government's shared services IT agency, will adopt a new IT governance, risk and compliance (ITGRC) package to improve its information security function.
The package will assist CenITex in managing the governance, risk and compliance obligations of its customer base for the infrastructure services within their service catalogue offerings.
The IT governance capability will specifically help manage legislation, regulation, industry security standards, WoVG security standards, CenITex policy/standards/security controls, policy exemptions and security metrics.
The IT risk management capability will help manage threats and risks to projects and ongoing core business activities, store system security plans and security risk management plans.
The IT compliance capability will help manage security policy compliance and support security control testing.
Pending a successful implantation, the agency will look to offer the solution as a whole-of-government service to up to 15 other state agencies and departments.
ITGRC fits into a wider information security management upgrade, which itself is aimed at improving the agency’s organisational capability, processes and tools to facilitate information security management transformation.
Wider still, the information security management upgrade is a component of an Efficient Technology Services (ETS) program, aimed at moving the state to a central whole-of-Victorian-government management system.
In July, CenITex was cited as an example of the correct way to manage government shared services in the wake of the news that the West Australian government would decommission its shared services body, following a report from the Economic Regulation Authority (ERA) which advised the state's shared service firm to cease rolling in new agencies and disband entirely.
Follow Tim Lohman on Twitter: @Tlohman
Follow Computerworld Australia on Twitter: @ComputerworldAU