What is ICT Governance, guidelines for the effective and efficient management of Information Technology in your organization

ICT governance is an aspect of business management that aims to ensure that an organization's IT risks are managed effectively and in line with overall business objectives.

Organizations are subject to multiple legislative and regulatory requirements that govern confidential information protection, financial responsibility, data retention, and disaster recovery around the world. 

Furthermore, organizations need to ensure that they have a robust ICT environment for shareholders, stakeholders and customers. To ensure that organizations meet relevant internal and external requirements, organizations can implement a formal ICT governance program that provides a framework of best practices and controls.

Definition of ICT Governance

There are several definitions of ICT Governance. Let's look at some of them:

  • UNESCO: Heterogeneous set of technological tools and resources used to transmit, store, create, share or exchange information. Such technological tools and resources include computers, the Internet (websites, blogs, and email), live broadcast technologies (radio, television, and webcasting), recorded broadcast technologies (podcasting, audio and video players, and storage devices), and telephony (fixed or mobile, satellite, video/video conferencing, etc.).
  • Gartner: Processes that ensure the effective and efficient use of IT to enable an organization to achieve its objectives. IT Demand Governance (ITDG, or what IT should work on) is the process by which organizations ensure the effective assessment, selection, prioritization and financing of competing IT investments; monitor their implementation; and extract (measurable) business benefits. ITDG is a corporate investment decision-making and supervision process and is a responsibility of corporate management. IT Supply-side governance (ITSG, how IT should do what it does) is concerned with ensuring that the IT organization operates effectively, efficiently and compliantly, and is primarily the responsibility of the CIO.
  • Wikipedia: IT governance is the part of wider corporate governance that is in charge of managing ICT systems in the company. IT governance is aimed at managing IT risks and aligning systems with the purposes of the business. Corporate governance has developed greatly following recent regulatory developments in the USA (Sarbanes-Oxley) and Europe (Basel II), which also had significant repercussions on the management of information systems. The analytical activity through which these objectives are pursued is IT auditing (IT review).

Nottingham University

The graduate school of the University of Nottingham has published research on ICT governance that offers a definition and a more specific framework, which aids understanding. ICT Governance is defined as follows: “specify the decision rights and accountability framework to encourage desirable behaviors in the use of IT. The complexity and difficulty of explaining IT governance is one of the most serious obstacles to improvement”.

This study describes an operating framework of ICT governance:

The framework provides a set of tools, processes and mechanisms with the aim of ensuring that IT investments support business objectives. 

Laws and Regulations

The need for formal IT and corporate governance practices in organizations has been fueled by the enactment of laws and regulations, all over the world.

Let's see some examples:

In the United States

The Gramm–Leach–Bliley Act (GLBA) and the Sarbanes-Oxley Act, in the 1990s and early 2000s. These laws resulted from the aftermath of several high-profile cases of corporate fraud and deception.

GDPR in Europe

The General Data Protection Regulation (GDPR) is a pan-European data protection law. The EU Data Protection Directive 1995 and all other member state laws that have been based on it, including the UK DPA (Data Protection Act) 1998, have been replaced by the GDPR. Regulations and directives are the two main types of legislative acts applied by EU states. The regulations apply directly to all EU member states and are binding. Directives, on the other hand, are agreements on the objectives that member states must achieve with national legislation.

King IV in South Africa

King IV arises from the idea of good corporate governance, which comes from the recognition that organizations form an integral part of society and are therefore held accountable to any current or future stakeholder. The framework introduced an “apply and explain” regime which recommends transparency for organizations when applying their corporate governance practices.

ITIL

ITIL: Information Technology Infrastructure Library (ITIL) is a framework that aligns IT services with business needs. The framework elaborates activities, procedures and checklists that are not company-specific but can be part of an organization's strategic plan for maintaining proficiency. The framework can be used to demonstrate compliance and measure improvement within a company.

COBIT

COBIT: acronym for Control Objectives for Information and Related Technologies. COBIT is a framework created by the Information Systems Audit and Control Association (ISACA) for Information Technology Management and IT Governance. The framework highlights and defines the generic IT management processes, their objectives and outputs, the key processes and the objectives. The framework measures performance and maturity using the Capability Maturity Model (CMM), which is a tool for studying data collected by contracted organizations in the US Defense Force.

COSO

COSO: This model for assessing internal controls comes from the Committee of Sponsoring Organizations of the Treadway Commission (COSO). COSO's focus is less specific to IT than the other frameworks, focusing more on business aspects such as enterprise risk management (ERM) and fraud prevention.

CMMI

CMMI: The Capability Maturity Model Integration method, developed by the Software Engineering Institute, is an approach to performance improvement. The method uses a scale of 1 to 5 to measure the maturity level of an organization's performance, quality and profitability.

FAIR

FAIR: Factor Analysis of Information Risk (FAIR) is a relatively new model that helps organizations quantify risk. The focus is on cyber security and operational risk, with the goal of making more informed decisions. While it's newer than other frameworks mentioned here, Calatayud points out that it's already gained a lot of traction with Fortune 500 companies.

Practically

Essentially, IT governance provides a framework for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. A formal program also takes into account the interests of stakeholders, as well as the needs of the staff and processes they follow. In the big picture, IT governance is an integral part of overall corporate governance.

Organizations today are subject to numerous regulations governing the protection of confidential information, financial liability, data retention, and disaster recovery, among others. 

To ensure internal and external requirements are met, many organizations implement a formal IT governance program that provides a framework of best practices and controls.

The easiest way is to start with a framework built by industry experts and used by thousands of organizations. Many frameworks include implementation guides to help organizations phase in an IT governance program with fewer bottlenecks. The previous sections list some of these frameworks.

Ercole Palmeri