
IT governance - an introduction

What is IT governance?

IT governance is a formal framework that ensures the alignment of an organisation’s IT and business strategy.

By following such a framework, your organisation can demonstrate measurable results against its broader strategies and goals, as well as assure stakeholders that they can have confidence in your use of IT.

The official standard for IT governance is ISO/IEC 38500:2015, which provides an efficient and effective framework for IT governance - leading to better alignment of IT with organisational decisions.


What are ‘IT governance frameworks’?

There are three widely recognised, vendor-neutral, third-party frameworks that are often described as ‘IT governance frameworks’. Although on their own they are not completely adequate for that task, each has significant IT governance strengths:


ITIL

ITIL is a framework for IT service management (ITSM) based around a five-phase service lifecycle: service strategy, service design, service transition, service operation and continual service improvement.

Widely adopted around the world, ITIL is supported by international ITSM standard ISO/IEC 20000:2011 - against which independent certification can be achieved.



COBIT

COBIT (Control Objectives for Information and Related Technology) is an internationally recognised IT governance control framework that helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT 5, the latest iteration of the framework, was released in 2012.


ISO 27002

ISO 27002 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO 27001.

It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.


Subdomains of IT governance

In addition to the three frameworks listed above, there are many subdomains of IT governance, including:

  • Business continuity management (BCM) and disaster recovery;
  • Data privacy, EU GDPR (General Data Protection Regulation) and DPA (Data Protection Act) compliance;
  • Information security and ISO 27001;
  • IT service management, including ITIL and service level management;
  • Knowledge management, including intellectual capital;
  • Project governance; and
  • Risk management.

Key considerations for implementing IT governance

Calder-Moir IT Governance Framework

  • IT governance is a critical component of corporate governance and the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject.
  • The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organisation.
  • The Calder-Moir IT Governance Framework Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject.

IT governance auditing

  • As IT governance plays such a key role in strategic performance, internal auditors are expected to include auditing IT governance in their work plans.

Green IT

  • An increasingly relevant subject to IT governance is green IT. In the same way that IT governance is critical to the corporate governance of an organisation, green IT has become essential to the decision making, framework building and business processes of IT governance.
  • We offer a wide range of green IT products, including cutting-edge texts, support manuals, and standards on both green IT and the environmental management standard, ISO 14001. 


How to establish an IT governance framework

The challenge for many organisations is to establish a coordinated, integrated framework that draws on all three of these IT governance frameworks.

We have a selection of free resources that provide more information about the frameworks and the subdomains of IT governance. We also have a wide range of products and services, including books, toolkits and training courses, that can support your organisation’s compliance with these frameworks.


Speak to an expert

If you need assistance assessing your infrastructure, or require support integrating the standards and key components of the IT governance framework, get in touch with our experts today. We can help you determine the best steps forward and advise on which of our services would be best suited to your organisation.