BS ISO/IEC 38500:2015 pdf download-Information technology — Governance of IT for the organization.
4 Principles and Model for Good Governance of IT

4.1 Principles

This clause sets out six principles for good governance of IT. The principles express preferred behaviour to guide decision making. The statement of each principle refers to what should happen, but does not prescribe how, when or by whom the principles would be implemented – as these aspects are dependent on the nature of the organization implementing the principles. Governing bodies should require that these principles are applied.

Principle 1: Responsibility
Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. Those with responsibility for actions also have the authority to perform those actions.

Principle 2: Strategy
The organization’s business strategy takes into account the current and future capabilities of IT; the plans for the use of IT satisfy the current and on-going needs of the organization’s business strategy.

Principle 3: Acquisition
IT acquisitions are made for valid reasons, on the basis of appropriate and on-going analysis, with clear and transparent decision making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.

4.2 Model

Governing bodies should govern IT through three main tasks:

a) Evaluate the current and future use of IT.
b) Direct preparation and implementation of strategies and policies to ensure that use of IT meets business objectives.
c) Monitor conformance to policies, and performance against the strategies.

Authority for specific aspects of IT may be delegated to managers within the organization. However, accountability for the effective, efficient and acceptable use of IT by an organization remains with the governing body and cannot be delegated.

Figure 1 shows the model for governance of IT using Evaluate-Direct-Monitor. The text following Figure 1 explains the elements and relationships depicted.