IT governance - an introduction
What is IT governance?
The vast majority of modern organisations rely on IT (information technology) in some capacity. In fact, most would be unable to function without it.
However, without a formal governance structure, corporate use of IT can often be at odds with wider business objectives, and return on IT investment not properly realised. The negative effects of this disconnection can be considerable.
Using a formal IT governance framework ensures the alignment of an organisation’s IT and business strategy.
By following such a framework, organisations can demonstrate measurable results against their broader strategies and goals, ensure they meet relevant legal and regulatory obligations, and assure stakeholders that they can have confidence in the use of IT.
ISO 38500 - the IT governance standard
The international standard for the corporate governance of IT is ISO/IEC 38500:2015. This sets out principles, definitions and a high-level framework that organisations of all types and sized can use to better align their IT with organisational decisions.
Buy the IT Governance standard
IT governance frameworks
As well as the international standard ISO 38500, there are numerous widely recognised, vendor-neutral, third-party frameworks that organisations can use to implement an IT governance programme.
Three of the most popular are ITIL®, COBIT® and ISO 27002. Each has its own IT governance strengths – for instance, COBIT focuses more on process management and ITIL on service management – but you might benefit from an integrated approach, using parts of several different frameworks and standards to deliver the results you need.
Follow the links below to find out more about each framework.
ISO 27002 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO 27001.
It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.
Browse ISO 27001 products >>
Subdomains of IT governance
In addition to the three frameworks listed above, there are many subdomains of IT governance, including:
- Business continuity management (BCM) and disaster recovery;
- Data privacy, EU GDPR (General Data Protection Regulation) and DPA (Data Protection Act) compliance;
- Information security and ISO 27001
- IT service management, including ITIL and service level management;
- Knowledge management, including intellectual capital;
- Project governance; and
- Risk management.
Areas to consider when implementing an IT governance programme
Calder-Moir IT Governance Framework
- IT governance is a critical component of corporate governance and the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject.
- The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organisation.
- The Calder-Moir IT Governance Framework Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject.
IT governance auditing
- As IT governance plays such a key role in strategic performance, internal auditors are expected to include auditing IT governance in their work plans.
How to establish an IT governance framework
The challenge for many organisations is to establish a coordinated, integrated framework that draws on all three of these IT governance frameworks.
We have a wide range of products and services, including books, toolkits and training courses, that can support your organisation’s compliance with these frameworks.
Speak to an expert
If you need help assessing your infrastructure, or require support integrating the standards and key components of an IT governance framework, get in touch with our experts today.
We can help you determine the best steps forward and advise on which of our services would be best suited to your organisation.