Commercial in Confidence

The ICT Governance Standard

This diagram encapsulates ICT governance as defined by the ISO/IEC 38500 standard
modified for a non-profit organisation.
The core duties are to monitor, evaluate and direct ICT. The standard suggests six
dimensions in which directors should carry out these duties:
Responsibility
Strategy
Acquisition
Performance
Conformance
Human Behaviour

The following tables list the tasks required to monitor, evaluate and direct each dimension. Our board workshop will include a discussion about this framework and will start defining the implications in terms of policy, reporting and KPIs.

You’ll note that some of the requirements are that we’ve defined our requirements. And in many cases the monitoring, evaluating and directing are all encompassed by having a policy in place. So this list isn’t as daunting as it appears from the number of pages involved.

Please start by making notes in the Implications column ready for a group discussion. In that discussion we will effectively make a first outline draft of your governance framework for later revision and refinement. In the first instance make a note of:
Any questions arising
Strengths and opportunities
Weaknesses and threats
Anything already in place
Anything from another source you think could be helpful


DIMENSION: RESPONSIBILITY
REQUIREMENT (from ISO 38500) | IMPLICATIONS

Monitor

Directors should monitor that appropriate ICT governance mechanisms are established and maintained.

Directors should monitor that those given responsibility acknowledge and understand their responsibilities.

Directors should monitor the performance of those given responsibility in the governance of ICT (for example, those people serving on steering committees or presenting proposals to director(s)).

Evaluate

Directors should evaluate the options for assigning responsibilities in respect of the organization’s current and future use of ICT. In evaluating options, directors should seek to ensure effective, efficient, and acceptable use and delivery of ICT in support of current and future business objectives.

Directors should evaluate the competence of those given responsibility to make decisions regarding ICT.

Direct

Directors should direct that plans be carried out according to the assigned ICT responsibilities.

Directors should direct that they receive the information that they need to meet their responsibilities and accountability.


DIMENSION: STRATEGY
REQUIREMENT | IMPLICATIONS

Monitor

Directors should monitor the progress of approved ICT proposals to ensure that they are achieving objectives in required timeframes using allocated resources.

Directors should monitor the use of ICT to ensure that it is achieving its intended benefits.

Evaluate

Directors should evaluate developments in ICT and business processes to ensure that ICT will provide support for future business needs.

In considering plans and policies, directors should evaluate ICT activities to ensure they align with the organization’s objectives for changing circumstances, take consideration of better practices and satisfy other key stakeholder requirements.

Directors should ensure that ICT is subject to appropriate risk assessment and evaluation, as described in relevant international and national standards.

Direct

Directors should direct the preparation and use of plans and policies that ensure the organization does benefit from developments in ICT.

Directors should encourage the submission of proposals for innovative ICT use that enables the organization to respond to new opportunities or challenges, undertake new businesses or improve processes.


DIMENSION: ACQUISITION
REQUIREMENT | IMPLICATIONS

Monitor

Directors should monitor ICT investments to ensure that they provide the required capabilities.

Directors should monitor the extent to which their organization and suppliers maintain the shared understanding of the organization's intent in making any ICT acquisition.

Evaluate

Directors should evaluate options for providing ICT to realize approved proposals, balancing risks and value for money of proposed investments.

Direct

Directors should direct that ICT assets (systems and infrastructure) be acquired in an appropriate manner, including the preparation of suitable documentation, while ensuring that required capabilities are provided.

Directors should direct that supply arrangements (including both internal and external supply arrangements) support the business needs of the organization.


DIMENSION: PERFORMANCE
REQUIREMENT | IMPLICATIONS

Monitor

Directors should monitor the extent to which ICT does support the business.

Directors should monitor the extent to which allocated resources and budgets are prioritised according to business objectives.

Directors should monitor the extent to which the policies, such as for data accuracy and the efficient use of ICT, are followed properly.

Evaluate

Directors should evaluate the means proposed by the managers to ensure that ICT will support business processes with the required capability and capacity. These proposals should address the continuing normal operation of the business and the treatment of risk associated with the use of ICT.

Directors should evaluate the risks to continued operation of the business arising from ICT activities.

Directors should evaluate the risks to the integrity of information and the protection of ICT assets, including associated intellectual property and organizational memory.

Directors should evaluate options for assuring effective, timely decisions about use of ICT in support of business goals.

Directors should regularly evaluate the effectiveness and performance of the organization’s system for Governance of ICT.

Direct

Directors should ensure allocation of sufficient resources so that ICT meets the needs of the organization, according to the agreed priorities and budgetary constraints.

Directors should direct those responsible to ensure that ICT supports the business, when required for business reasons, with correct and up-to-date data that is protected from loss or misuse.


DIMENSION: CONFORMANCE
REQUIREMENT | IMPLICATIONS

Monitor

Directors should monitor ICT compliance and conformance through appropriate reporting and audit practices, ensuring that reviews are timely, comprehensive, and suitable for the evaluation of the extent of satisfaction of the business.

Directors should monitor ICT activities, including disposal of assets and data, to ensure that environmental, privacy, strategic knowledge management, preservation of organizational memory and other relevant obligations are met.

Evaluate

Directors should regularly evaluate the extent to which ICT satisfies obligations (regulatory, legislation, common law, contractual), internal policies, standards and professional guidelines.

Directors should regularly evaluate the organization’s internal conformance to its system for Governance of ICT.

Direct

Directors should direct those responsible to establish regular and routine mechanisms for ensuring that the use of ICT complies with relevant obligations (regulatory, legislation, common law, contractual), standards and guidelines.

Directors should direct that policies are established and enforced to enable the organization to meet its internal obligations in its use of ICT.

Directors should direct that ICT staff follow relevant guidelines for professional behaviour and development.

Directors should direct that all actions relating to ICT be ethical.


DIMENSION: HUMAN BEHAVIOUR
REQUIREMENT | IMPLICATIONS

Monitor

Directors should monitor ICT activities to ensure that identified human behaviours remain relevant and that proper attention is given to them.

Directors should monitor work practices to ensure that they are consistent with the appropriate use of ICT.

Evaluate

Directors should evaluate ICT activities to ensure that human behaviours are identified and appropriately considered.

Direct

Directors should direct that ICT activities are consistent with identified human behaviour.

Directors should direct that risks, opportunities, issues and concerns may be identified and reported by anyone at any time. These risks should be managed in accordance with published policies and procedures and escalated to the relevant decision makers.
