a) An IT governance framework is developed that directs the positioning of IT, resource requirements, service continuity in instances of data loss and risk and internal control management. b) The access control security is strengthened to ensure that no unauthorised access takes place.