CobiT definition:
Establish an IT architecture board to provide architecture guidelines and advice on their application, and to verify compliance. This
entity should direct IT architecture design, ensuring that it enables the business strategy and considers regulatory compliance and
continuity requirements. This is related/linked to PO2 Define the information architecture.
Bill says,
In PO3.4 we talked about establishing a technology forum to establish and review technology standards. So how is this control objective different?
As I have mentioned previously, I think the difference is negligible. Personally I believe the technology forum’s mandate is to address all aspects of technology from the desktop, to the servers, to the network architecture. Whereas I think the IT Architecture board is mostly charged with reviewing and setting true architecture standards such as network design, application support infrastructure, etc. At least that’s my reading of it! What this means for me in practice is that, because I really can’t tell the difference between a technology standards forum and an IT Architecture board, we just lump the two together and talk about technology within architecture.
Let’s look at a real-life example and see if it helps shed any light on what is what here. We are currently reviewing our overall malware protection across our environment, from gateways, to desktops and servers. If you think about this as a technology standard, i.e. “what technology do we use to protect our information security”, does it stand that malware protection should be viewed as a technology standard? Or, because it is more behind the scenes, is it infrastructure and part of the purview of the IT Architecture board?
In fact, is that one of the ways we might look at the difference? Technology Standards discusses the technology that our customers actively engage with, such as PC standards, end user applications, devices, etc., and the Architecture Board sets the underlying, hidden if you will, technology such as networks, virus protection, server design, etc.?
You know, I just might buy that split, but because I don’t work in a company big enough to split them out, I’ll keep doing it all in one place!
The fifth step in Determining the Technological Direction is establishing an IT Architecture Board.
