ISO/IEC 38500 is the International Standard for the Corporate Governance of Information Technology and is the official IT governance standard.
This standard applies to the governance of management processes relating to the information and communication services used by an organisation. These processes could be controlled by IT specialists within an organisation or by external service providers.
Sub-domains of IT Governance
Broadly speaking, the sub-domains of IT governance include:
- COBIT® (Control Objectives for Information and Related Technology), which is an IT governance control framework that helps organisations meet business challenges in the areas of regulatory compliance, risk management and the alignment of IT strategy with organisational goals. IT Governance Europe carries the full range of COBIT 5 resources on our website.
- ITIL® (the IT Infrastructure Library®) describes best practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000, against which independent certification can be achieved. The ITIL (2011) Lifecycle Publication Suite contains official guidance for adopting best practice IT service management.
- ISO 27002 is designed to support ISO 27001 (which is also issued by the International Standards Organisation in Geneva), and is the global best practice standard for information security management in organisations.
These are the three most widely recognised, vendor-neutral, third-party IT governance frameworks. While none of them is completely adequate to the task of IT governance individually, each has significant IT governance strengths.
ISO 27002, ITIL and COBIT are all potential parts of a best-practice approach to regulatory and corporate governance compliance. The challenge for many organisations is to establish a coordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework was put together by the IT Governance Institute (ITGI), the owners of COBIT, and by AXELOS, the owners of ITIL, and is a significant step in the right direction. The Joint Framework document provides detailed mappings of the various clauses within each of these frameworks and simplifies the planning process for any simultaneous implementation of more than one of these three frameworks.
Some of the key sub-domains of IT governance are:
- Business continuity and disaster recovery
- Enterprise Architecture
- Regulatory compliance
- Information governance and information security
- IT Service Management, including ITIL® and Service Level Management
- Knowledge Management, including Intellectual Capital
- Leadership skills
- Project governance
- Risk management