Week 2: Dive into Frameworks, Standards, and Context

By Week 2, you’ve got the lay of the land and started building relationships. Now, it’s time to get into the meat of your role: understanding the frameworks, standards, and compliance requirements that guide your organization. This is where you start connecting dots and adding value.


What to Do in Week 2:

1. Understand the Frameworks in Play

  • Identify the frameworks your organization uses: COBIT, NIST, ISO 27001, ITIL, or others.
  • If you’re unfamiliar with any of them, spend time brushing up on the basics.
  • Ask stakeholders: “What’s the most important framework guiding our IT processes?”

2. Learn the Industry-Specific Standards

  • Every industry has unique rules—banking, healthcare, and manufacturing all have specific regulations.
  • Find out what applies to your organization (e.g., PCI DSS for payments, HIPAA for healthcare).

3. Review Policies and Procedures

  • Request internal documents like IT policies, operational procedures, and risk management plans.
  • Compare them to best practices from the frameworks you just learned about.

4. Map Out Compliance Requirements

  • Is the organization subject to audits or regulatory filings?
  • Understand deadlines and how IT’s performance impacts compliance (e.g., data privacy laws like GDPR).

5. Build a Contextual Checklist

  • Start listing out the controls, processes, and risks you’ll need to focus on during your audits.
  • Keep this list evolving as you learn more.

Indeed, study frameworks and standards. Know the differences. This will lead to better decision-making in practice.

Soneel Choraria

Internal Auditor | Risk Management | Process and Internal Control | Mentorship | Guiding next generation auditors | SBGH | Ex PwC | Optimistic

3 months

Useful for everyone. Thanks Chidambaram.
