Ensuring that all your IT systems, frameworks, and practices work together to achieve corporate strategies and objectives can be a problem for most organizations, but getting the best out of them and delivering effective and coherent systems can save you huge amounts of time and money and drive your business forward.
This page discusses the leading IT governance frameworks and disciplines—including COBIT, Val IT, Calder–Moir and ITIL—and the IT governance standard, ISO/IEC 38500.
IT governance sub-domains
The broad subject of IT governance covers many individual disciplines, all of which have their own specific approaches (including best-practice standards and frameworks), which may not necessarily work together in harmony. The challenge for many organizations is to establish a coordinated, integrated framework that draws on all these approaches to produce a coherent, workable whole.
The sub-domains of IT governance include:
There are many different IT governance frameworks available that promise to provide a clearer, strategic approach to the governance of IT and claim to offer unrivalled return on investment, but none of them on its own is a complete IT governance framework.
The Calder–Moir Framework is designed to maximize the benefit from all these integrated and overlapping standards, frameworks and methodologies while deploying the best practice guidance contained in the international standard for IT governance, ISO/IEC 38500.
Based on the Calder–Moir Framework and compatible with ISO 38500, the IT Governance Framework Toolkit enables any organization to create a single framework to achieve its IT strategies and objectives by taking the best from COBIT, ITIL, ISO 27001/ISO 27002, ISO 20000, PRINCE2, PMBOK, TOGAF, IT Balanced Scorecards, the Zachman Enterprise Architecture, IT Portfolio Management, Dashboards, and more.
See below for other available IT governance resources.
ISO/IEC 38500, the international standard for IT governance
Published in June 2008, ISO/IEC 38500 is the international standard for IT governance. It sets out a clear and easy-to-follow framework for an organization’s governance of Information and Communications Technology to align IT with organizational decisions. It can be applied to any organization, regardless of size, sector, or location and is particularly useful to directors and senior management.
IT governance frameworks: ITIL®, COBIT®, and Val IT
ITIL®, COBIT®, and Val IT are all vendor-neutral, third-party governance frameworks. Although they are not complete IT governance frameworks on their own, they each have their own IT governance strengths.
ITIL (the IT Infrastructure Library), the British Cabinet Office's best practice for IT service management, focuses on the end-user rather than on technology. Widely adopted around the world, ITIL is supported by ISO/IEC 20000:2011, against which independent registration can be achieved. On our ITIL page, you can access a free beginner’s guide to ITIL, IT Service Management, and ISO20000.
COBIT (Control Objectives for Information and related Technology) assists organizations in implementing effective enterprise-wide IT governance. With a focus on managing processes, COBIT has helped organizations bridge the gap between control requirements, regulatory compliance, and business risk and, significantly, it helps organizations increase the value of their IT investment. On our COBIT page you can access a free briefing paper on COBIT 5, the latest iteration of the framework.
These three frameworks are all potentially part of any best-practice approach to regulatory and corporate governance compliance.
IT Governance supplies a wide range of ITIL, COBIT, and Val IT publications.
See below for links to recommended resources or visit our Web Store to see all available products.
ISO/IEC 27002, the international standard for information security management
ISO27002 (supported by ISO27001) is the global best-practice standard for information security management in organizations. It details the best-practice specification for an information security management system (ISMS), a systematic approach for organizations to manage the confidentiality, integrity, and availability of their information assets. As part of an overall management system, an ISMS functions to protect, monitor, and improve how information security is handled within an organization.
Please see our dedicated ISO27001 information page for further guidance.
IT Governance resources
The IT Governance Web Store carries a wide range of IT governance resources, including standards and frameworks, books, toolkits, and training courses. In particular, we recommend the following:
IT Governance: A Pocket Guide
The guide examines the role of IT governance in the management of strategic and operational risk. It also looks at the most important considerations when setting up an IT governance framework and introduces you to the Calder–Moir IT Governance Framework, which the author helped to create. The approach throughout is resolutely non‑geek, avoiding technical jargon and emphasizing business opportunities and needs.
IT Governance: Guidelines for Directors
This board-level guide provides essential information on establishing an IT governance framework. By ensuring that your IT systems are properly integrated with your business and in harmony with your overall business goals, your company will be in a far better position to drive through changes and improvements.
Governance and Internal Controls for Cutting Edge IT
This book shows you how to manage the risks of adopting cutting-edge technology for your business in the context of COBIT 5 and related standards.