Technology Portfolio Management (TPM) Best Practices - Connect TPM to the Policies, Standards, Best Practices, and Compliance Inventories
Overview
The technologies an organization uses are subject to policies, regulatory compliance requirements, and industry standards that create governance obligations for every technology within their scope. A technology handling regulated financial data must comply with relevant financial data protection regulations. A technology embedded in a product sold in the EU market must comply with the Cyber Resilience Act’s software component transparency requirements. These compliance obligations are attributes of the technology’s governance profile.
Best Practice
For every technology record in the Technologies Inventory family, maintain connections to the applicable policy, regulatory compliance, and industry standard records in the Policies, Standards, Best Practices, and Compliance Inventories. Use the connected data to: identify the full set of compliance obligations that apply to each technology; track the organization’s current compliance status against each applicable requirement; and surface compliance gaps as governance findings that require remediation. Include compliance profile data in technology assessment to ensure that compliance obligations are a factor in Rationalization Posture and Strategic Disposition decisions.
Benefit(s)
The Compliance connection prevents the compliance failures that organizations consistently experience when compliance obligations are tracked separately from the technology assets they apply to. Technologies adopted without compliance assessment later require expensive remediation or retirement when their compliance obligations are discovered. The connection ensures compliance is a first-class dimension of technology governance rather than a parallel obligation managed separately.
Copyright for the International Foundation for Information Technology (IF4IT): 2008 - Present