PO3.4 Technology Standards

by Bill Oxley on April 12, 2009

CobiT definition:

To provide consistent, effective and secure technological solutions enterprisewide, establish a technology forum to provide technology guidelines, advice on infrastructure products and guidance on the selection of technology, and measure compliance with these standards and guidelines. This forum should direct technology standards and practices based on their business relevance, risks and compliance with external requirements.

Bill says,

This control objective has a number of different but important elements – in fact if I had been drafting this governance framework I may well have separated what I see to be two major points being addressed here.

The guidance is to establish a forum for the purpose of establishing technology guidelines and providing advice, but then it goes on to say that this forum would also measure compliance with the standards and guidelines. I don’t mind this forum providing both advice and measuring compliance, but it just seems like the kind of thing that needs to be separate.

In any case, I’ll address it together. So, what is the number one question about this control objective? It would have to be, “what is a forum?” The next control objective talks about establishing a board, so then is a forum different than a board? One could imagine that a forum is simply an informal discussion group but then that doesn’t align very well with the idea that the forum would also be measuring compliance – at least it doesn’t for me.

The advice clearly states that the forum should direct technology standards, but is that different than setting them? If in fact the technology standards forum is different than the architecture board, then it would seem perhaps that this approach is too “big company” for a lot of us. I for one can’t see having different groups advise and set standards, let alone measure compliance. We don’t have enough people!

Here is what I think is being said here and the difference between this and the next control objective, which is to form an IT Architecture Board. While the latter is meant to be focused on big-picture, general architecture design decisions (should we go to a meshed MPLS network, for example), the former is designed to address all levels of technology, including end user devices. Will we be supporting iPhones? What model laptops are we going with this quarter? And so on. In my case we do all of these discussions at the IT Architecture Board level because I don’t have enough staff to have multiple groups.

Remember, this is one man’s opinion. What’s yours? What do you think a forum is?

The fourth step in Determining the Technological Direction is Technology Standards.


PO3.3 Monitor Future Trends and Regulations

January 31, 2009

CobiT definition:
Establish a process to monitor the business sector, industry, technology, infrastructure, legal and regulatory environment trends.
Incorporate the consequences of these trends into the development of the IT technology infrastructure plan.
Bill says,
For me one of the great things about using a governance framework such as CobiT is the attention it forces you to take to [...]


How to Pass the ITIL Foundations Certification Exam

October 25, 2008

I’ll take a break in the action of going through CobiT to tell you that I recently passed the ITIL v3 Foundation for Service Management Certification exam. I had received an offer through HDI for a course and exam package and decided it was time to go for it, both to force me to [...]


PO3.2 Technology Infrastructure Plan

October 5, 2008

CobiT definition:
Create and maintain a technology infrastructure plan that is in accordance with the IT strategic and tactical plans. The plan should be based on the technological direction and include contingency arrangements and direction for acquisition of technology resources. It should consider changes in the competitive environment, economies of scale for information systems staffing and [...]


PO3.1 Technological Direction Planning

August 29, 2008

CobiT definition:
Analyse existing and emerging technologies, and plan which technological direction is appropriate to realise the IT strategy and the business systems architecture. Also identify in the plan which technologies have the potential to create business opportunities. The plan should address systems architecture, technological direction, migration strategies and contingency aspects of infrastructure components.
Bill says,
You have to [...]


PO3 Determine Technological Direction

August 21, 2008

CobiT definition:
The information services function determines the technology direction to support the business. This requires the creation of a technological infrastructure plan and an architecture board that sets and manages clear and realistic expectations of what technology can offer in terms of products, services and delivery mechanisms. The plan is regularly updated and encompasses aspects [...]


IT Governance Certifications

August 17, 2008

I’ve decided it was time that I get a little more serious about my IT Governance education and as such I have decided to pursue a couple of worthwhile certifications – ITIL Foundations (for a start) and CGEIT, which is ISACA’s Certified in the Governance of Enterprise IT certification.
For the Foundations certificate studying I [...]
