This policy establishes requirements related to the oversight and control of information technology (IT) resources to help support the achievement of a company’s business objectives while managing technology risk.
This policy should apply to all users across all company divisions and all information systems and computer rooms utilized by the company. According to this policy, when managing the IT environment, responsibilities must be distributed between company and divisional IT organizations. The global CIO and division CIOs are accountable for the overall management of company and divisional IT organizations. The global CIO and division CIOs are responsible for confirming that systems under their governance are controlled in accordance with IT policy requirements.