The recent IT governance standard released by the International Organization for Standardization (ISO) marks the global recognition of the importance of IT governance, and is applicable to enterprises of all types and sizes.
To help organizations adopt ISO/IEC 38500: 2008—Corporate governance of information technology, the nonprofit, independent IT Governance Institute (ITGI) has released a free white paper, available at www.isaca.org. Titled ITGI Enables ISO/IEC 38500:2008 Adoption, the paper explains how ITGI frameworks and research provide implementation support that organizations can tailor to their specific needs.
“For effective adoption of the ISO/IEC IT governance standard, organizations need specific guidance depending on their size, risk tolerance, IT investments and culture,” said Robert Stroud, international vice president of ITGI and vice president of service management and governance at CA. “As an independent research organization designed to help organizations of all sizes and in all industries, ITGI provides free guidance that provides direct support to all enterprises that adopt this standard.”
The ITGI white paper outlines which specific framework processes and research publications support each of the six principles of the ISO/IEC standard—Responsibility, Strategy, Acquisition, Performance, Conformance and Human Behavior. A chart provides clear identification of which publications and processes support which principle.
The good practices in the Control Objectives for Information and related Technology (COBIT) framework are a common approach to effective IT control. It has been adopted globally as the de facto standard control model for implementing and demonstrating effective IT governance and management. Val IT, a newer framework based on COBIT, helps organizations govern IT-enabled investments. Processes in both of these frameworks provide direct support for the ISO standard. Both frameworks are available as complimentary downloads (www.itgi.org/COBIT and www.itgi.org/valit).
“The significance of information and technology is evident in every aspect of business and public life, and the need to better manage IT investments and an increasing array of IT-related risks has never been greater,” said Stroud. “The new ISO standard provides a much-needed focus on IT governance and will help organizations attain more value from their information technology.”
The IT Governance Institute (ITGI) (www.itgi.org) is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help executives and IT professionals ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed COBIT and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the ISACA Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.