AS8015-2005 was published in January 2005. A popular enthusiasm for new technology has made the objective evaluation of Information and Communication Technology (ICT) difficult. Audit reports into government projects, academic studies and ongoing media coverage (1) demonstrated that the approach to ICT wasn't satisfactory.
While significant financial and organisational investments were made, many ICT projects ended in failure and returned very little to the enterprise.
The use of ICT has become intrinsic to business operations and vital to the well-being of organisations. Increasingly, customers and suppliers expect to do business over the Internet. As new business practices continue to be driven by developments in ICT, the threats and opportunities it offers to organisations need to be monitored and managed effectively.
Work which was to lead to the publication of AS8015-2005, the Australian Standard for Corporate Governance of ICT, commenced in 2002. The dot.com bubble had burst in 2000 and household names such as HIH, Ansett, One.Tel, Enron and Worldcom had failed.
AS8015-2005 is a brief and concise 12-page guide to effectively governing the use of ICT. This standard positions the governance of Information and Communication Technology within organisations as a Corporate Governance function.
"Corporate Governance of Information and Communication Technology (ICT) is the system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization." - AS8015:2005
The AS8015 framework provides a model, vocabulary and six Principles for Good Governance of ICT.
The standard provides a framework for "Directors", and for those to whom they turn for advice or to whom they delegate responsibilities for managing the security, finances, IT strategy and operations of the organisation (such as senior managers, technical specialists, vendors and service providers), to meet their obligations for the use of ICT in their organisations.
AS8015 provides a context for existing management methodologies, specifically identifying four standards: ISO 27000 (security management), ISO 9000 (quality management), ISO 20000 (service management) and AS4360 (risk management). It also identifies areas of legislation which affect the way ICT may be used, such as record keeping, trade practices, intellectual property and privacy.
AS8015 was submitted for fast-track ISO adoption and published, largely unchanged, as ISO/IEC 38500:2008 Corporate governance of information technology in May 2008.
The AS8015 model categorises ICT activities into projects and operations. A draft standard for "Corporate governance of projects involving information technology investments" has been issued for public comment.
Marghanita da Cruz joined the Standards Australia IT Governance working group in 2002. She instigated and co-ordinated market research to position and scope the work of the group. Between 2003 and 2006, Marghanita also represented the Australian Computer Society (ACS) on the Standards Australia IT-030 ICT Governance and Management Committee. She established the ACS's Governance of ICT committee in 2003, and chaired it until 2006. In 2004, with the support of the ACS, Marghanita presented a series of seminars to socialise and seek feedback on the draft standard for corporate governance of information and communication technology.
In 2005, Marghanita established the ICT Governance Forum online discussion list.
In 2006, Marghanita wrote the chapter on the Australian Standard for Frameworks for IT Management. Frameworks for IT Management, including the chapter on AS8015, is available on Google Books and is also available in Japanese, German and Chinese, and as a Pocket Guide in English and Dutch.
Interview with GRC-ME (May 2010)