
Cut to F.IT


kamuzu

Presentation Transcript


  1. Cut to F.IT Using IT Governance Standard ISO38500

  2. What kind of Charity are You? Two Layer Team < Board Single Layer Board = Team COOKIE CUP CAKE SLICE SUNDAE Three Layers Board + CE + Team Team > Board Multi-Layered Executive Team Departments

  3. ISO 38500

  4. SIX PRINCIPLES

  5. RESPONSIBILITY
     • Outsource
     • Recruit tech volunteer to manage suppliers
     • Don’t abdicate responsibilities
     • Assign distinct roles:
       • Technician
       • Applications
       • Planning
       • Compliance
     • IT responsibility on exec team
     • Specify when to use external advisors
     • CEO must make business cases
     • Develop Datakeepers

  6. Strategy
     • Get expert input for strategic plans and project evaluations
     • Keep risk register
     • Separate long term planning from short term tasks
     • ICT planning to support strategic plan
     • Include vision for technology
     • Consider what your stakeholders expect.

  7. Acquisition
     • Off-the-shelf
     • Outsource within policy framework
     • External review of major projects
     • Use “hosts” service where possible.
     • No major IT Projects - ONLY business projects that include technology
     • Independent PM
     • Policy controlled
     • Business sponsors for tech projects
     • Project plan ≠ business case

  8. Performance
     • Does IT performance impact operational performance?
     • Measure and review IT performance
     • Manage IT suppliers
     • KPIs in place
     • Use standards and frameworks
     • Drive technology performance
     • Optimise asset lifespan

  9. Conformance
     • Core policies
     • Privacy
     • Electronic ID
     • Data management (includes security)
     • Back-ups
     • Plan reaction to compliance changes
     • Widely used packages mitigate some risks
     • Understand basic SWOT for Technologies
     • Compliance reporting
     • Independent oversight
     • Regular audit, some external
     • Consider specialist auditors

  10. Human Behaviour
     • Make time to train
     • Avoid patch protection
     • Work-life balance in policies
     • Expect technology management capability
     • Staff tech capability is part of PD

  11. QUESTIONS? Hazel@dalejennings.co.nz Skype: hazeldjay +64 2102 349 095

  12. RESOURCES

  13. Issues matrix

  14. Links
     • My website www.dalejennings.co.nz has an ever-developing DIY toolbox. Ask if you want something added!
     • “Waltzing with the Elephant” by Australia’s own Mark Toomey is possibly the best in-depth guide in plain English. Sample or buy at the Infonomics web site.
     • The NZ Privacy Commissioner has an excellent plain English guide to cloud computing covering many risk areas as well as compliance.
     • IITP Cloud Computing Code has questions to ask suppliers.
     • Conference Offer – sign up for our newsletter and get a free “coffee consultation” about your challenges.
     • LinkedIn groups: several address technology issues and include governance or discuss governance and include IT. My profile links to several.
     • If in doubt - Google your question and watch the videos!
