Enterprise Risk Committee

Enterprise Governance for Information & related Technology


  • Integrate the management of I&T-related enterprise risk with overall enterprise risk management (ERM) and balance the costs and benefits of managing I&T-related enterprise risk.

SGM Value Propositions:

  • Managed business risk.

  • Business service continuity and availability.

Business Model and Architecture Management


  • Ensuring that the information, data, and systems of the organization are available to only those that have permission, and protecting the information, data, and systems from unauthorized tampering.

SGM Value Propositions:

  • Detailed understanding of the product lifecycle during the development of Business Architecture in order to ensure rigour in the design of controls, processes, and procedures.

  • Understanding the lifecycles of key entities within the enterprise.

  • Depict which actor (person, organization, or system) can access which enterprise data.

  • Demonstrate compliance with data privacy laws and other applicable regulations (HIPAA, SOX, etc.).

  • Understanding Actor-to-Role relationships is a key supporting tool in the definition of training needs, user security settings, and organizational change management.

  • Establishing authorization, security, and access to these technology components.

  • Enable application/technology auditing and prove compliance with enterprise ISO technology standards.

  • Establish traceability when an application's end-point address changes as the application moves from a shared environment to a dedicated environment or vice versa.

  • Describes the means of communication — the method of sending and receiving information — between these assets in the Technology Architecture, insofar as the selection of package solutions in the preceding architectures puts specific requirements on the communications between the applications.

IT Service Management


  • Risks and issues aren’t controlled.

SGM Value Propositions:

  • Identify, manage and report design risks.

  • Perform a risk assessment.

  • Define risk reduction measures and recovery options.

  • Implement risk reduction measures and recovery arrangements.

  • Assess the information-related risks.

  • Perform risk assessment and management activities.

Management of Value


  • Managed business risk.

  • Business service continuity and availability.

SGM Value Propositions:

  • Managed I&T-related risk.

  • Reduced number of confidentiality incidents causing financial loss, business disruption or public embarrassment.

Information Security Management


  • Loss of trust in the IT department's capability to secure information.

  • Convincing the board of the need for Info Sec Management.

  • Lack of awareness about the implications of security breaches.

  • Lack of budget for Information security.

  • Ability to measure Information Security Capacity & Capabilities (Manpower, Competencies).

  • Alignment of Strategic Info Sec roadmap with the Business Digital Transformation.

  • Guidance to build a security management system.

  • Lack of shared awareness between business and IT of the level of security and acceptable attacks.

  • Risk-based info security investment, linking the investment with a potential quantified risk.

  • Benchmark of accepting a certain level of security.

  • How to manage data privacy (GDPR) and its link to human rights.

SGM Value Propositions:

  • Implementation of an ISMS.

  • Rationalize IS investment.

  • IS Risk Identification.

  • Board-level awareness about cyber security.

  • Alignment of IS strategy to business strategy.

  • Data Privacy guidance.