Technical governance
Technical governance refers to the frameworks and processes that guide the development, implementation, and management of technology within our organisation. It involves the coordination and regulation of technology-related activities to ensure we align with established principles, standards, and objectives. These include safety, independence, transparency, innovation, consistency, accuracy, expertise, efficiency and more.
We’ve crafted a comprehensive Security Governance Framework and set of standards to protect our IT assets from threats and ensure the safety of our data and applications. This framework is the backbone of our strict policies, which we regularly update to stay ahead of potential risks.
For example, we have robust authentication and access control policies that cover user identity management and multi-factor authentication (MFA). Our authorisation policies use role-based access controls (RBAC) to define what users and administrators can do. We also have data protection policies that include encryption for data at rest and in transit, as well as data classification and marking.
Our network security policies cover firewalls and intrusion detection and prevention systems. In DevOps, we emphasise security from the start with policies like shift-left security, which integrates security checks into our development pipelines. We continuously manage vulnerabilities in both our cloud infrastructure and CI/CD pipelines, and we have rigorous patch management policies in place.
When it comes to incidents, we have a detailed incident response plan with clear escalation paths and regular tests to ensure we’re prepared. We prioritise training and education, providing security training and acceptable use policies to our team. And finally, our business continuity and disaster recovery (BCDR) policies ensure we have backup standards and disaster recovery plans to keep our operations running smoothly, no matter what happens.