The institution clearly defines its own concept of value and the management practices devoted to generating the results expected from ICT-related investments (in ICT-enabled initiatives, services and assets) throughout their economic life cycle.

This involves defining the value of the outcomes to be achieved, analysing the cost-result of ICT investments and evaluating the return on investment of ICT-related initiatives.

Taking into account the corporate impact and dynamics of ICT, investment proposals in ICT should be considered with appropriate care, diligence and soundness.

The institution ensures the continuity of its services, especially those involving critical operations, and maintains the availability of information at an acceptable level in the event of significant disruption.

The institution implements ICT management processes aligned to the planning, building, running and monitoring of ICT-related activities, and to full coverage of ICT services within the institution.

The institution operationalizes its mission and general objectives into specific ICT-related plans and actions implementing social security functions.

The institution develops an ICT strategy and innovation prospective as the cornerstone of an integrated institutional view of the current business, the future direction for the ICT environment, and the initiatives required to reach the desired future environment.

According to ISO/IEC 38500, management relates to “the system of controls and processes required to achieve the strategic objectives set by the organization’s governing body. Management is subject to the policy guidance and monitoring set through corporate governance”.

For COBIT®, ICT management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.

The institution establishes ICT governance processes linked to its governance objectives, which include evaluating strategic options, giving direction to ICT and monitoring outcomes.

Governance processes ensure that stakeholder needs, conditions and options are evaluated in order to determine and agree upon balanced institutional objectives, set direction through prioritization and decision-making, and monitor performance and compliance against agreed objectives and direction.

The institution defines a single, integrated framework for ICT governance that establishes responsibilities and duties at the highest levels.

The framework fosters the application of the ISSA Guidelines on Good Governance and ICT-related principles as defined in international standards.

ICT governance can be defined as a “framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives”.