cut to f.it
CUT TO F.IT
Using IT Governance Standard ISO38500
WHAT KIND OF CHARITY ARE YOU?
COOKIE
CUP CAKE
Three Layers
Board + CE + Team
Team > Board
SLICE
Multi-Layered
Executive Team
Departments
Two Layer
Team < Board
Single Layer
Board = Team
SUNDAE
ISO 38500
SIX PRINCIPLES
RESPONSIBILITY
• CEO must make business cases
• Develop Datakeepers
• IT responsibility on exec team
• Specify when to use external advisors
Outsource
• Recruit tech volunteer to manage suppliers
• Don’t abdicate responsibilities
Assign distinct roles -
• Technician
• Applications
• Planning
• Compliance
STRATEGY
• Consider what your stakeholders expect.
• ICT planning to support strategic plan
• Include vision for technology
• Get expert input for strategic plans and project evaluations
• Keep risk register
Separate long term planning from short term tasks
ACQUISITION
• Policy controlled
• Business sponsors for tech projects
• Project plan ≠ business case
• No major IT Projects - ONLY business projects that include technology
• Independent PM
• Off-the-shelf
• Outsource within policy framework
• External review of major projects
Use “hosts” service where possible.
PERFORMANCE
• KPIs in place
• Use standards and frameworks
• Drive technology performance
• Optimise asset lifespan
• Does IT performance impact operational performance?
• Measure and review IT performance
• Manage IT suppliers
CONFORMANCE
• Understand basic SWOT for Technologies
• Compliance reporting
• Independent oversight
• Regular audit, some external
• Consider specialist auditors
Core policies
• Privacy
• Electronic ID
• Data management (includes security)
• Back-ups
• Plan reaction to compliance changes
• Widely used packages mitigate some risks
HUMAN BEHAVIOUR
• Staff tech capability is part of PD
• Expect technology management capability
• Work-life balance in policies
• Make time to train
• Avoid patch protection
[email protected]: hazeldjay
+64 2102 349 095
RESOURCES
ISSUES MATRIX
LINKS
My website www.dalejennings.co.nz has an ever-developing DIY toolbox. Ask if you want something added!
“Waltzing with the Elephant” by Australia’s own Mark Toomey is possibly the best in-depth guide in plain English. Sample or buy at the Infonomics web site.
The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance.
IITP Cloud Computing Code has questions to ask suppliers.
Conference Offer – sign up for our newsletter and get a free “coffee consultation” about your challenges.
LinkedIn groups: several address technology issues and include governance or discuss governance and include IT. My profile links to several.
If in doubt - Google your question and watch the videos!