You have been hired as CIO for a small independent auto-parts store - Northwest Georgia Auto Parts. The store has been in operation for five years and has grown substantially over that time. At the time the store opened, they had a small server that kept track of inventory, including purchasing and ordering from vendors, and took care of the sales/return transactions. The software was purchased. Payroll is contracted out to an outside vendor. There are three point-of-sale registers connected to the server. The system has gotten very slow and frequently goes down. The owner has two IT technicians working for the store - but knows that he needs a more robust IT operation - thus, the hiring of the CIO position.
Your job over the next several weeks is to put in place a strategic IT operation that will support the company. You will be creating strategies and policies for IT operations, setting up new networks with accompanying hardware/software, creating a "help desk", updating the database, adding payroll to the system, and start the development of an e-commerce operation for the store.
This is a term long project and has 4 phases. In phase 4, you and your team will be creating policies and procedures for IT governance using COBIT framework.
COBIT is a business framework for governance and management of enterprise IT. There are four major objectives that COBIT uses: a) planning and organize; b) acquire and implement; 3) deliver and support; 4) monitor and evaluate.
In this phase, you are asked to creating policies and procedures for IT governance in the area of: access control.