
Lay the Foundation of IT Governance with ISO Standards

Businesses that want IT to support company growth need an IT governance framework that aligns with ISO standards such as ISO/IEC 38500. The Bank for International Settlements (BIS) expects financial institutions to treat IT as being as critical as their strategic goals. In this article at ISACA, Haris Hamidovic explains how to lay the foundation of IT governance with ISO standards.

The Foundational Blocks of IT Governance

According to the IT Governance Institute (ITGI), IT governance ensures that IT delivers business value and mitigates IT-related risks. It aligns IT with business goals and holds IT accountable for its actions. Its core focus areas are ‘value delivery, risk management, strategic alignment, resource management, and performance measurement.’ IT governance sets direction and makes the decisions; IT management executes them.

Let’s look at the foundational concepts of IT governance:

COBIT, ITIL, and ISO/IEC 27001 are the frameworks most useful to middle managers.

COBIT, ISACA’s control framework, addresses the governance gaps in oversight, technical failures, and business impediments. While establishing transparent policies, it emphasizes regulatory compliance, deriving IT value for the business, and aligning IT with strategy.

The IT Infrastructure Library (ITIL) is an IT service management framework developed by the UK’s Central Computer and Telecommunications Agency (CCTA). Though its principal focus is IT service delivery, ITIL covers other areas as well, and its best practices are accepted globally as the standard ITSM guideline.

ISO/IEC 27001:2005 specifies the requirements for establishing an information security management system (ISMS) in your company. It enables the organization to protect its own and its clients’ information assets by identifying, managing, and reducing information security risks. (The 2005 edition cited in the article has since been superseded by the 2013 and 2022 editions; organizations certifying today should work from the current edition, though the ISMS approach is the same.)

ISO-Enabled Principles and Application

ISO/IEC 38500, released in 2008, sets out six principles that help leaders evaluate, direct, and monitor the use of IT in their companies: responsibility, strategy, acquisition, performance, conformance, and human behaviour.

Under ISO/IEC 38500, leaders must evaluate the current and future use of IT. They should direct plans and policies that enable IT to support business goals. They must also regularly monitor performance and conformance with those policies. These activities require a well-established decision-making framework, aligned processes, and better communication channels.

Significance of Right Questions

IT governance works only if top management asks the right questions, acts on the answers, and then reviews the results. CICA’s brochure, “20 Questions Directors Should Ask About IT,” helps audit committees and IT steering committees keep IT governance on track. While management must adhere to the board’s directives, the board must ensure that management complies with the established framework.

To view the original article in full, visit the following link:
