Cut to F.IT

Post on 12-Feb-2016


CUT TO F.IT

Using IT Governance Standard ISO38500

WHAT KIND OF CHARITY ARE YOU?

COOKIE CUP CAKE

Three Layers Board + CE + Team

Team > Board

SLICE

Multi-Layered Executive Team Departments

Two Layer Team < Board

Single Layer Board = Team

SUNDAE

ISO 38500

SIX PRINCIPLES

RESPONSIBILITY

• CEO must make business cases

• Develop Datakeepers

• IT responsibility on exec team

• Specify when to use external advisors

Outsource

• Recruit tech volunteer to manage suppliers

• Don’t abdicate responsibilities

Assign distinct roles -

• Technician

• Applications

• Planning

• Compliance

STRATEGY

• Consider what your stakeholders expect.

• ICT planning to support strategic plan

• Include vision for technology

• Get expert input for strategic plans and project evaluations

• Keep risk register

Separate long term planning from short term tasks

ACQUISITION

• Policy controlled

• Business sponsors for tech projects

• Project plan ≠ business case

• No major IT Projects - ONLY business projects that include technology

• Independent PM

• Off-the-shelf

• Outsource within policy framework

• External review of major projects

Use “hosts” service where possible.

PERFORMANCE

• KPIs in place

• Use standards and frameworks

• Drive technology performance

• Optimise asset lifespan

• Does IT performance impact operational performance?

• Measure and review IT performance

• Manage IT suppliers

CONFORMANCE

• Understand basic SWOT for Technologies

• Compliance reporting

• Independent oversight

• Regular audit, some external

• Consider specialist auditors

Core policies

• Privacy

• Electronic ID

• Data management (includes security)

• Back-ups

• Plan reaction to compliance changes

• Widely used packages mitigate some risks

HUMAN BEHAVIOUR

• Staff tech capability is part of PD

• Expect technology management capability

• Work-life balance in policies

• Make time to train

• Avoid patch protection

QUESTIONS?

Hazel@dalejennings.co.nz

Skype: hazeldjay

+64 2102 349 095

RESOURCES

ISSUES MATRIX

LINKS

My website www.dalejennings.co.nz has an ever-developing DIY toolbox.

Ask if you want something added!

“Waltzing with the Elephant” by Australia’s own Mark Toomey is possibly the best in-depth guide in plain English. Sample or buy at the Infonomics web site.

The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance.

IITP Cloud Computing Code has questions to ask suppliers.

Conference Offer – sign up for our newsletter and get a free “coffee consultation” about your challenges.

LinkedIn groups: several address technology issues and include governance or discuss governance and include IT. My profile links to several.

If in doubt - Google your question and watch the videos!