IT Governance and Regulatory Compliance
Global Security Network helps organizations deploy best practices for IT Governance, thereby enabling regulatory compliance.
Corporate governance regulations such as the Sarbanes-Oxley Act in the U.S., the Combined Code - Turnbull Guidance in the U.K., and ESCA Decision No R/32 in the UAE, require controls over Information Technology as well due to the extensive permeation of IT in the enterprise.
Global Security Network provides Training, IT Strategic Vision and Roadmap Development, Implementation Consulting and Technical Assistance based on best practices and international standards to organizations looking for improvements in IT Governance and Regulatory Compliance.
Standard for IT Governance
ISO 38500:2008 is the first international standard that provides guidelines for corporate governance of IT in the enterprise. ISO 38500 is based on the Australian standard AS8015 and provides a framework with six guiding principles for good corporate governance of IT and a model for directors to govern IT through three main tasks: evaluate, direct and control. However, the standard only describes what should happen, not how or by whom, which creates a need for good reference frameworks.
Best practice solutions
The best way to implement IT governance and enable regulatory compliance is through the adoption of externally validated, multi-layered frameworks that support the coordination of IT governance strategy, simplify compliance and free internal resources for value-building activities. CobiT, ITIL and ISO 27001 are the three most important best-practice IT-related frameworks; they can be aligned to each other and also enable compliance with ISO 38500:2008.
Integration of best practice frameworks
CobiT, ITIL and ISO 27001 are all part of a potential best-practice IT approach to corporate governance and regulatory compliance. The challenge, for many organizations, is to establish a coordinated, integrated framework that draws on all three of these frameworks and standards. In short:
- CobiT should be used to provide “an overall control framework based on [generic] IT-process model”, defining what should be done at the governance (high) level
- ITIL and ISO 27001 should be mapped to high-level CobiT process and control objectives
- ITIL describes how service management aspects should be handled
- ISO 27001 defines what must be done in terms of information security controls
- CobiT, ITIL and ISO 27001 projects should be cross-linked/integrated