Percentage of total IT cost, excluding depreciation/amortization, allocated to process group "develop and implement security, privacy, and data protection controls"

This measure calculates percentage of total IT cost, excluding depreciation/amortization, allocated to the process group "develop and implement security, privacy, and data protection controls," which consists of establishing information security, privacy, and data protection strategies and levels, along with testing, evaluating, and implementing information security, privacy, and data protection controls. In this measure, capital expense only includes the cost for all capitalized items acquired during the reporting period It is part of a set of Supplemental Information measures that help companies evaluate additional variables not covered elsewhere for the "develop and implement security, privacy, and data protection controls" process.

Benchmark Data

Lock

Sorry! Not all users have access to all of our resources.

Want to unlock access to all of our resources?

Learn about Membership icon--arrow--right
Measure Category:
Supplemental Information
Measure Id:
104991
Total Sample Size:
868 All Companies
Performers:
25th
 Median
 75th
Key Performance
Indicator:
No

Compute this Measure

Units for this measure are Percent.

Back to Top
Percentage of IT operating cost (excluding depreciation/amortization) dedicated to process "develop and implement security, privacy, and data protection controls"

Key Terms

Back to Top

Supplemental Information

Supplemental information is data that APQC determines is relevant to decision support for a specific process, but does not fit into the other measure categories such as cost effectiveness, cycle time, or staff productivity.

Measure Scope

Back to Top

Cross Industry (7.1.0)

  • 8.3.1 - Establish information security, privacy, and data protection strategies and levels (11230) - Implementing strategies for securing and ensuring the privacy of data flows throughout the organization. Create protocols and guidelines for individual IT components in order to avoid misuse of information and breach of individual or organizational privacy.
  • 8.3.2 - Test, evaluate, and implement information security and privacy and data protection controls (11231) - Examining, assessing, and executing the privacy and data controls for information security. Test, analyze, and implement established information security and privacy protocols in order to safeguard the IT function.