IT Governance

"IT Governance" is a term that is widely used to describe a number of aspects of governing and managing Information Technology within an organisation.

IT Governance Defined

IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives." (IT Governance: a Pocket Guide).  

IT Governance, in other words, is not the same thing as IT management - governance is a framework that should be designed to ensure that management is successful and that risks are identified and appropriately controlled. 

ISO/IEC 38500

There is now an international standard for IT Governance, ISO/IEC 38500; you should order your own copy of ISO/IEC 38500 - the International IT Governance Standard or read this ISO38500 Pocket Guide.

Cobit - Control Objectives for Information and related Technology

Unlike ISO/IEC 38500, which is a public, internationally developed and recognised standard, Cobit is a private standard, developed by ISACA and the IT Governance Institute, to provide a control framework for Information and Communication Technology.

You can order the full range of COBIT and ValIT publications from this store.

Sub-domains of IT Governance

Broadly speaking, the sub-domains of IT governance include:
Business continuity and disaster recovery
Enterprise Architecture 
Regulatory compliance
Information governance and information security  
IT Service Management, including ITIL® and Service Level Management
Knowledge Management, including Intellectual Capital
Leadership skills
Project governance
Risk management

Calder-Moir IT Governance Framework

IT governance is a critical component of corporate governance; the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject. The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organization, and the IT Governance Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject. 

ITIL, CobiT® and ISO27002

There are three widely-recognised, vendor-neutral, third-party frameworks that are often described as 'IT governance frameworks'. While, on its own, none of them is completely adequate to that task, each has significant IT governance strengths.

ITIL, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000, against which independent certification can be achieved.
CobiT®, or Control Objectives for Information and related Technology, now in version 4.1, was developed by America's IT Governance Institute. CobiT is increasingly accepted as good practice for control over information, IT and related risks. Its guidance helps organizations implement effective governance over enterprise-wide IT. In particular, CobiT's Management Guidelines component contains a framework for the control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 34 identified CobiT processes. Governance of the Extended Enterprise, published by the IT Governance Institute, explores how some of the world's most successful enterprises have integrated information technology with business strategies, culture, and ethics to optimize information value, attain business objectives, and capitalize on technologies in highly competitive environments.
ISO27002, which is designed to support ISO 27001 (both issued by the International Standards Organization in Geneva), is the global best practice standard for information security management in organizations.

Joint Framework

ISO27002, ITIL and CobiT are all, potentially, part of any best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework, put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL) is a significant step in the right direction. The Joint Framework document provides detailed mappings of the various clauses within each of these frameworks and simplifies the planning process for any simultaneous implementation of more than one of these three.

Enterprise Architecture 

Enterprise Architecture is another important sub-domain of IT Governance - frameworks like TOGAF are enormously useful in developing coherent IT architectures.