- To guide IT management in the responsibility to safeguard assets and data under its control
- Corporate management and boards often mandate security policies that IT must implement
- Ensure adherence to corporate and regulatory compliance
- To minimizes financial, operational, and legal exposure
- To Ensure that necessary security controls are integrated into the design and implementation of a project
- To provide documentation outlining any security gaps between a project design and approved corporate security policies