#Entry 10 - Governance in IT

Recently I was going through an article on Corporate Governance which, although half a decade old, seemed quite relevant even today. It lists the eight core Guiding Principles of Corporate Governance.

Principles of Corporate Governance. (2016, September 8). The Harvard Law School Forum on Corporate Governance. https://corpgov.law.harvard.edu/2016/09/08/principles-of-corporate-governance/

This brings me to today’s topic: ISO 38500, the ISO/IEC Standard for Corporate Governance of Information Technology. ISO/IEC 38500:2008 was the initial version, while the latest version is ISO/IEC 38500:2015.

ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.

ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.

ISO/IEC 38500:2015. (2015). ISO. https://www.iso.org/standard/62816.html

François Coallier, Professor of Software and IT Engineering at École de technologie supérieure (ÉTS) and former chair of the ISO subcommittee Software and systems engineering, which developed the standard, said that most organizations use IT as a fundamental business tool, and few can function without it. IT is also a significant enabler in the future business plans of many organizations, and ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT.

I remember reading about a Case Study on Corporate Governance of IT using ISO 38500, which was presented at the itSMF Australia 11th National Conference, where Mark Toomey highlights the experience at Midco. Of course, it’s been almost 15 years since the experience, but for me even today it is a noteworthy read.

Those of you with an interest in IT Security Governance can surely refer to IT Security Governance: A Framework based on ISO 38500, where I found some of the challenges in IT security governance to be quite pertinent.

Ahuja, Suchit and Chan, Yolande E., "IT Security Governance: A Framework based on ISO 38500" (2015). CONF-IRM 2015 Proceedings. 27. https://aisel.aisnet.org/confirm2015/27

Of course, no article about IT Governance can be deemed complete without the mention of COBIT, the latest version of which is COBIT 2019.

COBIT | Control Objectives for Information Technologies. (2022). ISACA. https://www.isaca.org/resources/cobit

So now the next question that might pop up in your mind may be: what is the relationship between ISO 38500 and COBIT? Well, that is content for another day.
