# Technical governance

Technical governance refers to the frameworks and processes that guide the development, implementation, and management of technology within our organisation. It involves the coordination and regulation of technology-related activities to ensure we align with established principles, standards, and objectives. These include safety, independence, transparency, innovation, consistency, accuracy, expertise, efficiency and more.&#x20;

We’ve crafted a comprehensive Security Governance Framework and set of standards to protect our IT assets from threats and ensure the safety of our data and applications. This framework is the backbone of our strict policies, which we regularly update to stay ahead of potential risks.

<figure><img src="/files/Os1NYrwV5zqePj9yR8ud" alt="&#x22;&#x22;" width="563"><figcaption></figcaption></figure>

For example, we have robust authentication and access control policies to manage user identities and multi-factor authentication (MFA). Our authorisation policies use role-based access controls (RBAC) to define what users and administrators can do. We also have data protection policies that include encryption for data at rest and in transit, as well as data classification and marking.

Our network security policies cover firewalls and systems for detecting and preventing intrusions. In [DevOps](/team/nec-digital-studio-team.md#devops-engineer), we emphasise security from the start with policies like [shift left security](/capabilities/development/quality-and-assurance.md#find-early-fix-early), which integrates security checks into our development pipelines. We continuously manage vulnerabilities in both our cloud infrastructure and[ CI/CD pipelines](/capabilities/development/infrastructure-and-deployment.md#automating-deployment), and we have rigorous patch management policies in place.

When it comes to incidents, we have a detailed incident response plan with clear escalation paths and regular tests to ensure we’re prepared. We prioritise training and education, providing security training and acceptable use policies to our team. And finally, our [business continuity and disaster recovery](/capabilities/technology.md#business-continuity-and-disaster-recovery) (BCDR) policies ensure we have backup standards and disaster recovery plans to keep our operations running smoothly, no matter what happens.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://playbook.necdigitalstudio.com/capabilities/technology/technical-governance.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.