ramin communications
Governance of Information and Communication Technology

Positioning the IT Governance Standard

26 September 2008

ISO-38500:2008 Corporate Governance of Information Technology (IT) based on the AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology (ICT), was published in May 2008.

These standards provide a framework for the Governance of ICT, comprising a model, principles and a vocabulary. They also reference other standards and relate to methodologies used for project management and control.

• The governance model expects Directors of Organisations to Evaluate, Direct and Monitor the ICT activities of their organisation. The model is based on a flow of information about ICT activities, which may involve Senior Managers on committees, who may be delegated to manage an organisation's ICT activities. The activities may be in the form of:-
  • Projects - initiatives, new directions, planned or expected uses of ICT or
  • Operational use of ICT - the organisation's current uses of Information and Communication Technology.
• The six principles are:
  1. Establish Clearly Understood Responsibilities for ICT
  2. Plan ICT to best support the organisation
  3. Acquire ICT validly
  4. Ensure that ICT performs well, whenever required
  5. Ensure ICT conforms with formal rules
  6. Ensure ICT respects human factors

This Governance framework for ICT (or IT) complements a number of standards, frameworks and methodologies. It also relates to record keeping, fiduciary duties and privacy regulatory and legislative requirements and organisation's internal policies covering Fraud control, Whistleblowing and Corporate Social Responsibility. Relevant Frameworks and Methodologies include:

• The draft Project governance and proposed Operations governance standards are intended to provide guidance on governing ICT in operations and specific projects.
• ISO/IEC 20000 IT Service (Operations in AS8015 vocabulary) Management
• PMBOK and Prince 2 Project Management Methodologies
• ISO 9000 Quality Management Family
• AS8000 series of Corporate Governance Standards
• AS4360 Risk Management Standard
• Control Objectives for Information and related Technology used widely for the Audit of ICT Activities.
• ISO 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary

For more information contact: Marghanita da Cruz

www.ramin.com.au/itgovernance/IT-Governance.shtml © Ramin Communications last updated 29 September 2008.