CHAPTER 5: IMPLEMENTING THE SIX IT GOVERNANCE PRINCIPLES

The fifth chapter of ISO/IEC 38500 describes how the three actions intersect with the six principles; it provides, if you will, guidance on how the six principles are to be implemented, by applying the three actions in each case. Of course, none of this is intended to be exhaustive, and each organisation is encouraged to give “due consideration” to its own nature and make an “appropriate analysis of the risk and opportunities for the use of IT”.13

Responsibility

Evaluate

•Options for assigning responsibilities.

•The competence of those given operational decision-making responsibilities, with a preference for these to be business managers supported by IT specialists.

Direct

•That strategies ...

Get ISO/IEC 38500: A pocket guide, second edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.