This Operational Tier control triangle seeks to define, align, and execute the organisation’s long-term goals and objectives by developing and implementing integrated business and technology plans, ensuring optimal structure, resource allocation, and execution of strategic initiatives across all organisational systems.

This control rolls down from the Manage Demand Domain and cascades into: 1.1.1-Strategic Plan, 1.1.2-Organization Structure, and 1.1.3-Strategic Program control subdomains.

---

Control Mappings:
Cobit:2019 ➡️ EDM04; EDM04.02; APO01; APO01.01; APO04; APO04.02; APO05; APO05.04; APO08; APO08.01; BAI04; BAI04.03; BAI05; BAI05.03
GDPR:2024 ➡️ Art.23; Art.24; Art.47
ISO27001:2022 ➡️ 4; 4.1; 5; 5.1
ISO27005:2022 ➡️ 6; 6.1
ISO31000:2018 ➡️ 5; 5.1
ISO38500:2024 ➡️ 4; 4.1; 4.1.1; 4.2; 5; 5.1; 5.2.1; 5.4; 5.4.1; 5.8.1; 6.2.3; 7; 7.1; 7.2.2
ITIL:v4 ➡️ GM7; GM12
NIST:CSFv2 ➡️ GV.OC-01