This Tactical Tier control triangle seeks to define, align, and execute the organisation’s long-term goals and objectives through the development and implementation of integrated business and technology plans.

This control rolls down from the Manage Demand Domain and cascades into: 1.1.1.1 Product Strategy, 1.1.1.2 People Strategy, 1.1.1.3 Finance Strategy controls.

---

Control Mappings:
Cobit:2019 ➡️ EDM01; EDM01.01; EDM01.02; EDM02; EDM02.01; EDM03; EDM03.02; EDM05; EDM05.02; APO01; APO01.02; APO02; APO02.01; APO02.05; APO02.06; APO06; APO06.02; APO08; APO08.01
GDPR:2024 ➡️ Art.5; Art.25
ISO27001:2022 ➡️ 4; 4.1; 5; 5.1; 6; 6.1.1; 6.2
ISO27005:2022 ➡️ 6; 6.1
ISO31000:2018 ➡️ 4; 6.3.1
ISO38500:2024 ➡️ 4; 4.1; 4.1.2; 4.2; 5; 5.2; 5.2.1; 5.3.1; 5.4.1; 5.7.1
ITIL:v4 ➡️ GM1; GM2; GM5; GM6; GM7; GM8; GM10; GM11; GM12; GM14; SM16
NIST:CSFv2 ➡️ GV; GV.OC; GV.OC-01; GV.OC-04; GV.RM; GV.RM-01; GV.RM-04; GV.RM-07; GV.RR-03; GV.PO-01; GV.OV-02; ID.AM-05
MaRisk:2024 ➡️ AT 4.2(1); AT 4.2(2); AT 4.2(4); AT 7.2(1)