There are seven pillars to IT Governance which are as follows;
- Information Security
- Business Continuity
- Quality Management
- IT Service Management
- Project Management
- Knowledge Management
- Risk Management
IT Governance is a critical component of corporate governance and the framework addresses key areas of an organisations IT infrastructure and the pillars support the corporate strategies and objectives to achieve compliance.
There is an international IT Governance Standard, ISO/IEC 38500 with latest revision being completed in 2015, the Standard sets out a straightforward framework for the board’s governance of Information and Communications Technology.
There are three widely recognised, vendor-neutral, third-party frameworks which are often described as “IT Governance frameworks”, on their own they are not completely sufficient however they do have some strengths. The frameworks are;
ITIL (IT Infrastructure Library) – developed by the UK Cabinet Office as a best practise library for IT Service Management. It has been widely adopted around the world and is supported by the international Standard ISO/IEC 20000:2011 upon which an independent certification can be achieved.
COBIT (Control Objectives for Information and Related Technology) – is an IT Governance framework that helps organisations meet the challenges of businesses today, particularly in areas such as regulatory compliance, risk management and IT Strategy alignment to organisational goals and objectives. COBIT is an internationally recognised framework and was updated to version 5 in 2012. It’s focus in particular is on control and measurability of IT through the provision of tools to assess and measure an organisations IT capability for the 37 COBIT processes.
ISO27002 (supported by ISO27001) – is the global Standard for Information Security Management in organisations, the Standard provides guidelines on organisational information security standards and information security management practises. The system is based on ISO/IEC 27001.
These three frameworks are all part of a best-practise approach to regulatory and corporate governance compliance. The challenge for many organisations is to establish a co-ordinated, integrated framework that draws on all three standards.
The following series of articles will help organisations take a step by step approach to reviewing whether each of the key pillars of IT Governance are required and whether the organisation is a position to implement the pillars.
Each of the articles contains a simple guide which asks six basic questions including;
- Is your Management Team committed?
- What are the potential opportunities?
- Are you already meeting the requirements?
- Do you have available budget and resources?
- What are the risk/costs of not having it?
- Will it make you a better business?
Ultimately the implementation and support of any framework is a business decision and the articles and guides will help you decide whether a particular standard or framework is right for you and your organisations.