Project Management

ISO on IT Governance

Michael R. Wood is a Business Process Improvement & IT Strategist Independent Consultant. He is creator of the business process-improvement methodology called HELIX and founder of The Natural Intelligence Group, a strategy, process improvement and technology consulting company. He is also a CPA, has served as an Adjunct Professor in Pepperdine's Management MBA program, an Associate Professor at California Lutheran University, and on the boards of numerous professional organizations. Mr. Wood is a sought-after presenter of HELIX workshops and seminars in both the U.S. and Europe.


When thinking of IT governance and compliance, subjects like Sarbanes-Oxley (SOX), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and Related Technology (COBIT), Organizational Project Management Maturity Model (OPM3) and Capability Maturity Model (CMM) come to mind. Ironically, one of the most established standards organizations, along with its pronouncements on IT governance, is often missing from the conversation: the International Organization for Standardization. The ISO was founded in 1947, and since then it has developed strong ties to major governments that have adopted many (if not all) of the standards published by the ISO.

Did you know that the ISO has been very active in the governance and compliance space? In fact, it has several published standards related to IT governance, including:

  • ISO 17799 / 27001 / 02 - Information Security Management
  • ISO 20000 - IT Service Management
  • ISO 38500 - Information and Communication Services Management
  • ISO 90001 / 90003 - Software Quality Management

Here is an update on these standards you might find useful:

ISO 17799 / ISO 27001 / 02: Information Security Management
ISO 17799 was replaced by the ISO 27000 series of standards in 2005. According to www.27000.org, the objective of this standard is to “provide a model for establishing, implementing, …

