ISO - OK-SAFE: · PDF fileBCM/BS25999 PCI DSS 6Sigma ITPO ITIL TOGAF Zachman Framework Balanced ... ISO 38500 IT Governance Standard 2. Overview of the Calder-Moir IT Governance


[Figure: Calder-Moir IT Governance Framework diagram, labelled ISO 38500. Domain labels: Business Strategy; Risk, Conformance & Compliance; IT Strategy; Change; Information & Technology Balance Sheet; Operations. Tools and standards shown around the domains include Prince2, PMBOK, MSP, MoR, CMMI, OPM3, CobiT, COSO, SOX, ISO27001, ISO20000, BCM/BS25999, PCI DSS, 6Sigma, ITIL, TOGAF, Zachman Framework, Balanced Scorecard and the Unified Compliance Framework. The diagram is repeated with "Check" and "Act" cycle labels.]

References:
1. ISO 38500 IT Governance Standard
2. Overview of the Calder-Moir IT Governance Framework, 2006-2008, STW Moir

The framework consists of six domains, each of which represents one step in the end-to-end process that starts with business strategy and finishes with IT operational support for delivery of business value against that strategy.

Each segment is divided into three layers.

The innermost layer represents the board, which directs, evaluates, and monitors information technology support for business.

The middle layer represents executive management, which is responsible for managing the activities that deliver the end-to-end process.

The outermost layer represents the IT practitioners and IT governance practitioners, who use proven tools and methodologies to plan, design, assess, control, and deliver the IT support for the enterprise.

The framework can be used for a Plan-Do-Check-Act cycle within each individual domain or across all domains, depending upon the decision scope and impact.


[Figure: IT governance decision-rights chart with paired "Input" and "Decision" columns. Labels include: Chairman and CEO; CIO; EAO; TAC; IT Council; SSB (SS Board); Business CIOs; All Business Leaders; Some Business Leaders; Services Catalog; Funding Authorization; Architecture Exception; Investee Commitment. Annotations: "Most common patterns in all companies"; "More Decentralized".]

Legend: EAO – Enterprise Architecture Organization; SSB – Shared Services Board; TAC – Technology Architecture Committee