Number of IT FTEs that perform the process group "develop and implement security, privacy, and data protection controls" per $1 billion revenue

This measure calculates the number of IT full-time equivalent employees (FTEs) per $1 billion revenue that perform the process group "develop and implement security, privacy, and data protection controls," which consists of establishing information security, privacy, and data protection strategies and levels, along with testing, evaluating, and implementing information security, privacy, and data protection controls. It is part of a set of Supplemental Information measures that help companies evaluate additional variables not covered elsewhere for the "develop and implement security, privacy, and data protection controls" process.

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources. Question mark icon

Want to unlock access to all of our resources?

Learn about Membership icon--arrow--right

Measure Category:
Process Efficiency
Measure Id:
105218
Total Sample Size:
836 All Companies
Performers:
25th
Median
75th
Key Performance
Indicator:
No

Compute this Measure

Units for this measure are FTEs.

Back to Top

(Number of FTEs who perform the function "manage information technology" * Percentage of IT FTEs performing the process group "develop and implement security, privacy, and data protection controls" *.01) / (Total business entity revenue * 0.0000000010)

Key Terms

Back to Top

Total Annual Revenue/Net Revenue

Total annual revenue is net proceeds generated from the sale of products or services. This should reflect the selling price less any allowances such as quantity, discounts, rebates and returns. If your business entity is a support unit and therefore does not directly generate revenue, then provide the revenue amount for the units you support. For government/non-profit organizations, please use your non-pass-through budget. For insurance companies the total annual revenue is the total amount of direct written premiums, excluding net investment income. Note: Business entity revenue needs to only include inter-company business segment revenue when the transactions between those business segments are intended to reflect an arm's length transfer price and would therefore meet the regulatory requirements for external revenue reporting.

FTE - (full-time equivalent employee)

To calculate the number of full-time equivalents employed during the year for each respective process or activity, you must prorate the number of employees and the hours spent performing each process/activity. Assume that a full-time worker represents 40 hours per week. Provide the average number of full-time equivalents employed during the year for each respective process. Include full-time employees, part-time employees, and temporary workers hired during peak demand periods. Allocate only the portion of the employee's time that relates to or supports the activities identified for an applicable process. Prorate management and secretarial time by estimating the level of effort in support of each activity, by process.

For example, a part-time secretary in the finance department for XYZ, Inc. charges all of his time to finance department activities. He works 20 hours per week. The secretary splits his time evenly supporting employees working in the general accounting process and the financial reporting process. Thus, his time should be allocated by process. So, if he works throughout the year and supports these two processes, his time would be split evenly as:

20hrs/40hrs = .5FTE * 50% for general accounting = .25FTE for general accounting

20hrs/40hrs = .5FTE * 50% for financial reporting = .25FTE for financial reporting

Process efficiency

Process efficiency represents how well a process converts its inputs into outputs. A process that converts 100% of the inputs into outputs without waste is more efficient than one that converts a similar amount of inputs into fewer outputs.

Measure Scope

Back to Top

Cross Industry (7.1.0)

  • 8.3.1 - Establish information security, privacy, and data protection strategies and levels (11230) - Implementing strategies for securing and ensuring the privacy of data flows throughout the organization. Create protocols and guidelines for individual IT components in order to avoid misuse of information and breach of individual or organizational privacy.
  • 8.3.2 - Test, evaluate, and implement information security and privacy and data protection controls (11231) - Examining, assessing, and executing the privacy and data controls for information security. Test, analyze, and implement established information security and privacy protocols in order to safeguard the IT function.