IT Governance

There are seven pillars of IT Governance, which are as follows:

  • Information Security
  • Business Continuity
  • Quality Management
  • IT Service Management
  • Project Management
  • Knowledge Management
  • Risk Management

IT Governance is a critical component of corporate governance. The framework addresses key areas of an organisation's IT infrastructure, and the pillars support the corporate strategies and objectives needed to achieve compliance.

There is an international IT Governance Standard, ISO/IEC 38500, the latest revision of which was completed in 2015. The Standard sets out a straightforward framework for the board’s governance of Information and Communications Technology.

There are three widely recognised, vendor-neutral, third-party frameworks which are often described as “IT Governance frameworks”. On their own they are not completely sufficient, but each has its strengths. The frameworks are:

ITIL (IT Infrastructure Library) – developed by the UK Cabinet Office as a best practice library for IT Service Management. It has been widely adopted around the world and is supported by the international Standard ISO/IEC 20000:2011, against which an independent certification can be achieved.

COBIT (Control Objectives for Information and Related Technology) – an IT Governance framework that helps organisations meet the challenges of business today, particularly in areas such as regulatory compliance, risk management and the alignment of IT strategy to organisational goals and objectives. COBIT is an internationally recognised framework and was updated to version 5 in 2012. Its particular focus is on the control and measurability of IT, through the provision of tools to assess and measure an organisation's IT capability across the 37 COBIT processes.

ISO27002 (supported by ISO27001) – the global Standard for Information Security Management in organisations. The Standard provides guidelines on organisational information security standards and information security management practices. The management system itself is based on ISO/IEC 27001.

These three frameworks are all part of a best-practice approach to regulatory and corporate governance compliance. The challenge for many organisations is to establish a co-ordinated, integrated framework that draws on all three standards.

The following series of articles will help organisations take a step-by-step approach to reviewing whether each of the key pillars of IT Governance is required and whether the organisation is in a position to implement it.

Each of the articles contains a simple guide which asks six basic questions:

  • Is your Management Team committed?
  • What are the potential opportunities?
  • Are you already meeting the requirements?
  • Do you have available budget and resources?
  • What are the risk/costs of not having it?
  • Will it make you a better business?

Ultimately, the implementation and support of any framework is a business decision, and the articles and guides will help you decide whether a particular standard or framework is right for you and your organisation.

USEFUL RESOURCES

Information Security & Data Protection

Information Security is a management system to identify risks to your important information and to put in place the appropriate controls that help reduce those risks.

ISO27001:2013

If you're thinking about implementing ISO 27001:2013, then this guide will help you make an assessment of whether you are ready for the challenges ahead.

Business Continuity

Business Continuity specifies the requirements for a management system to protect against, reduce the likelihood of, and ensure your organisation recovers from disruptive incidents.

ISO22301

If you're thinking about implementing ISO 22301, then this guide will help you make an assessment of whether you are ready for the challenges ahead.

Quality Management

A management system to continually monitor and manage quality across all operations; it outlines ways to achieve and benchmark consistent performance and service.

Are you ready for ISO9001:2015

If you’re thinking about implementing ISO 9001:2015, then this guide will help you make an assessment of whether you’re ready to face the challenges ahead.

IT Service Management

A management system to continually monitor and manage IT services across all operations; it outlines ways to achieve and benchmark consistent performance and service.

Are you ready for ITIL

If you’re thinking about implementing an IT Service Management model using ITIL, then this guide will help you make an assessment of whether you’re ready to face the challenges ahead.

Knowledge Management

The term Knowledge Management designates an approach to improving organisational outcomes and learning by introducing into an organisation a range of specific processes and practices for identifying and capturing knowledge, expertise and other intellectual capital, and making them available for transfer or reuse.

Are you ready for Knowledge Management

Knowledge management is the process of capturing, distributing and effectively using knowledge. It is primarily about managing the knowledge of and in organisations.

Project Management

A process-driven project management methodology to continually monitor and manage projects across all operations; it outlines ways to achieve and benchmark consistent project performance and delivery.

Are you ready for Prince2

If you’re thinking about implementing a Project Management methodology using Prince2, then this guide will help you make an assessment of whether you’re ready to face the challenges ahead.

Risk Management

Enterprise Risk Management is a fundamental responsibility of governance. Creating a set of methods and processes that the organisation uses to manage risk, and to take advantage of opportunities related to its business goals, is part of the supporting framework.

Are you ready for Risk Management

Enterprise Risk Management is a fundamental governance responsibility. It is a set of methods and processes used by organisations to manage risk and take advantage of opportunities related to the business goals.