W4 method for secure and compliant IT

I have previously written about my 12-step process, which provides a defined roadmap to help you work through the process in a pragmatic and sane way.

These 12 steps are grouped into the 4 phases of my ‘W4 methodology’.

Each phase delivers a specific milestone / outcome, which I describe below.

Executive Summary

12 steps. 4 milestones. 1 image.

Figure: W4 Method Milestones

The WHERE Milestone

The WHERE phase focuses on where you are right now, where you could go, and where you want to go. This is not only informed by the technical possibilities and current capabilities, but also by the expectations of your stakeholders and regulators.

At the end of this phase, you have a clear sense of what a desirable yet pragmatic and achievable future state looks like for your organisation.

The WHAT Milestone

Now we know where you will go, the WHAT phase focuses on how you get there:

  • What you need in terms of technology, people and process
  • What resources or capabilities are required to get these, and how they will be acquired or developed
  • What prioritisation makes sense

At the end of this phase, you will have a roadmap setting out how you can get from where you are today to your desired future state.

The WHY Milestone

You are now in a position where you are clear on where you want to go and how you can get there.

The WHY phase focuses on documenting your logic, engaging stakeholders on a more formal basis (e.g. Compliance and Risk, C-Suite peers, CEO, Board members) to reach agreement on why this Future State makes sense for the organisation and what financial and other supports are required to get there.

It may also involve engagement with regulators (e.g. notifications to the Central Bank if your organisation is subject to Solvency II rules).

At the end of this phase, your stakeholders are on board and confident that:

  • The target future state is the right one for the organisation
  • The plan to get to this future state is clear and achievable

The WHAT NOW Milestone

You have a clear future state, a clear path, and buy-in from your stakeholders.

Now you should move closer to the desired future state in phases, through an iterative process of:

  • Planning,
  • Performing,
  • Persisting, and
  • Proving that what you are doing is in line with the plan and aligned to stakeholder and regulator expectations.

At the end of each iteration of this phase, you will have a new baseline that is one step closer to your future state.

What should you do?

If you find yourself wondering what your solution should look like, my FREEin45 workshop may be an ideal first step.


About The Author

Sam Glynn

Sam works with the CFOs and COOs of regulated firms who are responsible for IT, even though IT is not their primary area of expertise.

They are frequently under pressure to deliver capable, secure and compliant IT solutions that align to the risk appetite of the firm’s internal stakeholders and to the expectations of regulators.

It’s not about technology. It’s about business outcomes.