When I started this blog series, there was an internal debate as to whether regulations and requirements should be considered under the same umbrella. I tell you now, they are not. Regulations are the law. Those laws define the requirements. Requirements are the needs which your entire IT organization must meet in order to succeed.
When defining your requirements, consider the most basic of questions: who, what, when, where, why?
- Who are we doing this for?
- What are we doing?
- When does it need to be done?
- Where does it need to happen?
- Why does it need to happen?
These questions should lead you to answer a simple cost/value ratio:
- How much does it cost / how much does it generate?
Answering these simple questions should enable you to identify whether an asset should, for instance, belong in the cloud, which cloud it should belong to, and how you should go about designing and building it. Bear in mind the level of your SLAs, the needs and locations of your customers, and the end goals of your business needs in this conversation. These decisions will help you in the creation of the next portion of the lifecycle: policies.
Links to additional parts of the Governance Lifecycle: Part 1: Where to Start Part 2: Regulations – It’s the Law! Part 3: Requirements – Your Benchmark for Success. Part 4: Policies – Know the Rules Part 5: Compliance and the Will to Succeed!