IT Strategy & Governance
IT Strategy & Governance is a critical component of corporate governance. The frameworks used address key areas of an organisation's IT infrastructure, products and services, supporting the corporate strategies and objectives and helping to achieve compliance.
There is an international IT Governance Standard, ISO/IEC 38500, whose latest revision was completed in 2015. The Standard sets out a straightforward framework for the board’s governance of Information and Communications Technology.
There are three widely recognised, vendor-neutral, third-party frameworks which are often described as “IT Governance frameworks”. On their own they are not completely sufficient; however, they do have some strengths. The frameworks are:
- ITIL (IT Infrastructure Library) – developed by the UK Cabinet Office as a best-practice library for IT Service Management. It has been widely adopted around the world and is supported by the international Standard ISO/IEC 20000:2011, against which independent certification can be achieved.
- COBIT (Control Objectives for Information and Related Technology) – an IT Governance framework that helps organisations meet the challenges of business today, particularly in areas such as regulatory compliance, risk management and the alignment of IT Strategy to organisational goals and objectives.
- ISO27002 (supported by ISO27001) – the global Standard for Information Security Management in organisations. The Standard provides guidelines on organisational information security standards and information security management practices. The system is based on ISO/IEC 27001.
These three frameworks are all part of a best-practice approach to regulatory and corporate governance compliance. The challenge for many organisations is to establish a co-ordinated, integrated framework that draws on all three standards.