a) An IT governance framework is developed that directs the positioning of IT, resource requirements, service continuity in instances of data loss and risk and internal control management. b) The access control security is strengthened to ensure that no unauthorized access takes place. c) The IT steering committee is established to assist the board with IT governance.