CORPORATE GOVERNANCE OF INFORMATION & COMMUNICATION TECHNOLOGY


AS 8015-2005 CORPORATE GOVERNANCE OF INFORMATION & COMMUNICATION TECHNOLOGY

This Australian Standard was prepared by Committee IT-030, IT Governance. It was approved on behalf of the Council of Standards Australia on 21 December 2004. This Standard was published on 31 January 2005.

The following are represented on Committee IT-030: Australian Bankers Association Australian Chamber of Commerce and Industry Australian Computer Society Australian Electrical and Electronic Manufacturers Association Australian Institute of Company Directors Australian Institute of Project Management Consumers Federation of Australia Department of Defence (Australia) Information Systems Audit and Control Association Project Management Institute RMIT University Society of Consumer Affairs Professionals University of New South Wales

Additional Interests: Adacel Technologies Attorney General's Department Australian Defence Force Academy Catalyst Consulting Centrelink Central Queensland University Codarra Advanced Systems Curtin University of Technology Decisions Department of Innovation, Industry and Regional Development DGJ Consulting DISplay Educad Garry Blair Consulting Gartner Australasia Infonomics Pty Ltd Information Project Services Kiscom Consulting Macquarie Graduate School of Management Max Shanahan and Associates Nationwide News NSW Department of Commerce Phillips Fox Ramin Communications SIFT SingTel Optus Software Quality Institute Synergy Management Solutions System Integration Services International Tenix Datagate The Art of Service The Frame Group Workcover New South Wales

Keeping Standards up-to-date

Standards are living documents which reflect progress in science, technology and systems. To maintain their currency, all Standards are periodically reviewed, and new editions are published. Between editions, amendments may be issued. Standards may also be withdrawn. It is important that readers assure themselves they are using a current Standard, which should include any amendments which may have been published since the Standard was purchased.

Detailed information about Standards can be found by visiting the Standards Web Shop at www.standards.com.au and looking up the relevant Standard in the on-line catalogue. Alternatively, the printed Catalogue provides information current at 1 January each year, and the monthly magazine, The Global Standard, has a full listing of revisions and amendments published each month.

Australian Standards™ and other products and services developed by Standards Australia are published and distributed under contract by SAI Global, which operates the Standards Web Shop.

We also welcome suggestions for improvement in our Standards, and especially encourage readers to notify us immediately of any apparent inaccuracies or ambiguities. Contact us via email at mail@standards.org.au, or write to the Chief Executive, Standards Australia, GPO Box 5420, Sydney, NSW 2001.

This Standard was issued in draft form for comment as DR 04198.

AS 8015-2005

Australian Standard

Corporate governance of information and communication technology

First published as AS 8015-2005.

COPYRIGHT

Standards Australia

All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher.

Published by Standards Australia, GPO Box 5420, Sydney, NSW 2001, Australia

ISBN 0 7337 6438 X

PREFACE

This Standard was prepared by the Standards Australia Committee IT-030, ICT Governance and Management.

The objective of this Standard is to provide a framework of principles for Directors to use when evaluating, directing and monitoring the information and communication technology (ICT) portfolio in their organizations.

This Standard for the Corporate Governance of ICT is aligned with the set of standards headed by AS 8000-2003. The other standards in that set provide guidance to organizations on good governance principles, fraud and corruption control, codes of conduct, social responsibility and whistle blower protection.

Most organizations use ICT and few can function effectively without it. Expenditure on ICT can represent a significant proportion of an organization's financial and human commitment. However, a return on this investment is often not realized and the adverse effects on organizations can be significant. The main reasons for these negative outcomes are the emphasis on technical, financial and scheduling aspects of ICT activities rather than corporate governance of ICT.

This Standard provides a framework for good governance of ICT, to assist those at the highest level of organizations to understand and fulfil their obligations. The framework comprises definitions, principles and a model.

Other standards and handbooks, covering implementation and development of governance structures, will support this Standard. Two Standards that are currently being developed deal with
(a) ICT projects; and
(b) ICT operations.

CONTENTS

SECTION 1 SCOPE, APPLICATION AND OBJECTIVES
1.1 SCOPE
1.2 APPLICATION
1.3 OBJECTIVES
1.4 BENEFITS OF USING THIS STANDARD
1.5 REFERENCED DOCUMENTS
1.6 DEFINITIONS

SECTION 2 OVERVIEW OF FRAMEWORK FOR GOOD CORPORATE GOVERNANCE OF ICT
2.1 PRINCIPLES
2.2 MODEL

SECTION 3 CORPORATE ICT GOVERNANCE FRAMEWORK
3.1 GENERAL

STANDARDS AUSTRALIA

Australian Standard

Corporate governance of information and communication technology

SECTION 1 SCOPE, APPLICATION AND OBJECTIVES

1.1 SCOPE

This Standard provides guiding principles for Directors of organizations (including owners, board members, Directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information and Communication Technology (ICT) within their organization.

The Standard applies to the governance of resources, computer-based or otherwise, used to provide information and communication services to an organization. These resources could be provided by ICT specialists, within the organization or external service providers, or by business units within the organization.

1.2 APPLICATION

This Standard is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. The Standard is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of ICT.

It also provides guidance to those advising, informing, or assisting Directors. They include:
(a) Senior managers.
(b) Members of groups monitoring the resources within the organization.
(c) External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies.
(d) Vendors of hardware, software, communications and other ICT products.
(e) Internal and external service providers (including consultants).
(f) ICT auditors.

1.3 OBJECTIVES

The purpose of this Standard is to promote effective, efficient, and acceptable use of ICT in all organizations by
(a) providing stakeholders (including consumers, shareholders, and employees) with the confidence that, if the Standard is followed, they can trust in the organization's corporate governance of ICT;
(b) informing and guiding Directors in governing the use of ICT in their organization; and
(c) providing a basis for objective evaluation of the corporate governance of ICT.
