A program framework is a plan or a formal security management system that will allow the security organization within a company to create and manage a security strategy designed to meet the goals and objectives established by the company’s senior management.

· Short and long-term security goals are identified and implemented
· Minimizes “silos” of security controls that create complexity and excessive security program costs
· Provides specific reportable progress points for reporting to senior management and external auditors
· Provides a measure of predictability for budgeting and resource planning

The JCHCI Security Program Framework begins with a high-level statement of goals and objectives and ends with a detailed plan that meets the organization’s compliance and business objectives.

· The plan provides a maturity path that is flexible enough to re-prioritize itself to meet the ever-changing world we live in by integrating the security efforts into a single over-all strategy.
· The plan takes into account any existing security efforts and helps to tie the efforts together into an operational plan that reduces duplicated effort and wasted resources.