CHAPTER 5: IMPLEMENTING THE SIX IT GOVERNANCE PRINCIPLES
The fifth chapter of ISO/IEC 38500 describes how the three actions intersect with the six principles; it provides, if you will, guidance on how the six principles are to be implemented, by applying the three actions in each case. Of course, none of this is intended to be exhaustive, and each organisation is encouraged to give “due consideration” to its own nature and make an “appropriate analysis of the risk and opportunities for the use of IT”.13
•Options for assigning responsibilities.
•The competence of those given operational decision-making responsibilities, with a preference for these to be business managers supported by IT specialists.
•That strategies ...