
IT Governance Defined

IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives."  (IT Governance: a Pocket Guide).

 

Order your copy of ISO/IEC 38500 - the Official International IT Governance Standard (read more about ISO/IEC 38500)

 

Order  COBIT publications OR read more about .

The sub-domains of IT governance include

This site provides extensive information and advice on IT governance, as well as

Calder-Moir IT Governance Framework

IT governance is a critical component of corporate governance; the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject. The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organization, and the IT Governance Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject. 

IT Governance for Executives

IT Governance is a key subject for company directors and executives. The leading books on the subject are:

  1. IT Governance: Guidelines for Directors
  2. IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT
  3. IT Governance Today: a Practitioner's Handbook
  4. IT Governance: How Top Performers Manage IT for Superior Results
  5. Governance of the Extended Enterprise: Bridging Business and IT Strategies
  6. Get the lot, plus more: IT Governance Library.

Other Resources

  • Our special IT Governance Board Awareness Toolkit can help your board get to grips with how IT governance fits with the Turnbull Report, the UK Combined Code and the requirements of Sarbanes-Oxley.
  • A 'triptych' of IT Governance Pocket Guides describes IT governance and provides an overview of IT-related regulatory compliance requirements in the UK and North America.
  • BOARD BRIEFING ON IT GOVERNANCE - if you would like a free copy of the most recent version of our (mercifully short) Board Briefing on IT Governance, please provide your email address and we will email the download link to you.


ISO/IEC 38500

The world's formal international IT Governance Standard, ISO/IEC 38500, was published in June 2008. It built on the trail-blazing work done by the Australian Standards Institute, which published AS 8015 in 2005. ISO/IEC 38500 sets out a very straightforward framework for the board's governance of Information and Communications Technology. Irrespective of its geographic origin, the standard is a key resource for IT governance professionals everywhere in the world.

ITIL, CobiT® and ISO17799

There are three widely recognised, vendor-neutral, third-party frameworks that are often described as 'IT governance frameworks'. While, on their own, they are not completely adequate to that task, each has significant IT governance strengths.

  • ITIL, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000:2005, against which independent certification can be achieved. On our ITIL page, you can access a free briefing paper on ITIL, IT Service Management and ISO20000. 
  • CobiT®, or Control Objectives for Information and related Technology, now in version 4.1, was developed by America's IT Governance Institute. CobiT is increasingly accepted as good practice for control over information, IT and related risks. Its guidance helps organizations implement effective governance over enterprise-wide IT. In particular, CobiT's Management Guidelines component contains a framework for the control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 34 identified CobiT processes. Governance of the Extended Enterprise, published by the IT Governance Institute, explores how some of the world's most successful enterprises have integrated information technology with business strategies, culture, and ethics to optimize information value, attain business objectives, and capitalize on technologies in highly competitive environments.
  • ISO17799, now renumbered as ISO27002 and supported by ISO 27001 (both issued by the International Standards Organization in Geneva), is the global best practice standard for information security management in organizations.

Joint Framework

ISO 17799 (ISO27002), ITIL and CobiT are all, potentially, part of any best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework, put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL) is a significant step in the right direction. Here is a webinar that describes how to leverage this best-practice framework to simplify your regulatory compliance.

 

 

The Impact of Green IT


An increasingly relevant subject requiring consideration within the sphere of IT Governance is the issue of Green IT. In the same way that IT Governance is a critical component within the Corporate Governance of an organisation, Green IT has become an essential aspect within the decision-making, framework-building and business processes of IT Governance.

Find further information on Green IT here and a selection of cutting-edge texts, support manuals, and standards on both Green IT and the Environmental Management Standard ISO 14000.
