AS 8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology is a technical standard developed by Standards Australia Committee IT-030 and published in January 2005. The standard provides principles, a model and vocabulary as a basic framework for implementing effective corporate governance of information and communication technology (ICT) within any organization. [1] [2] The standard was the first "to describe governance of IT without resorting to descriptions of management systems and processes." [3] AS 8015 later became the catalyst and main infrastructure for the creation of the international ISO/IEC 38500:2008 Information technology — Governance of IT for the organization standard. [4] [5]
The collapse of the Dot-com bubble into the early 2000s brought about demands for greater corporate disclosure and accountability. The costly failure of many information technology (IT) initiatives caused many to point fingers at poor corporate and information governance. [1] One body that answered the call for new IT management and governance standards was the non-government standards development organization Standards Australia. An IT Management and Governance working group called IT-030 was announced in July 2002 [6] and fully formed in August. [7] The committee which drafted and recommended the publication included representatives from over 30 organizations, including the Australian Computer Society, Australian Bankers Association, Australian Institute of Company Directors, and Australia's Department of Defence. [1] One of IT-030's first substantial meetings was held in Sydney September 24–26 with the goal of using a qualitative survey to gauge interest in developing a full standard. [8] [9] Those insights were discussed at a follow-up meeting in Canberra on September 30, where it was agreed that the "'Governance of Information and Communications Technologies' would be a more accurate reflection of the emerging scope of the standard." [9] By late January 2003, draft documents of the standard began to appear. [10] By September 2004, the draft standard was being presented at the 2004 Australian Computer Society National Conference in Melbourne, and submitted comments were being resolved, with an eye on a late 2004 publication. [11] [12] The final version was published in January 2005. [1]
The 12-page standard places responsibility for ICT firmly within the hands of the organization, and "[i]t involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans." [12] It features six main principles of quality governance of ICT: [1] [12]
It also includes a model demonstrating how directors should monitor and evaluate how their organization is using ICT in response to the pressures and demands being placed on the company. The standard also lays out vocabulary that helps unify other previous standards with AS 8015. [1]
As one of the first standards to lay out IT governance so simply, AS 8015 strongly influenced the development of ISO/IEC 38500:2008 Information technology — Governance of IT for the organization, an international standard that went on to make "a clear distinction between governance and management." [4] [5]
The International Organization for Standardization is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Article 3 of the ISO Statutes.
Information technology (IT) governance is a subset discipline of corporate governance, focused on information technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and the ISO 9001 Quality Management System.
In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer and by others. This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium. However, psychological research on motivation provides an alternative view: granting rewards or imposing fines for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.
COBIT is a framework created by ISACA for information technology (IT) management and IT governance.
ISO/IEC 20000 is the international standard for IT service management. It was developed in 2005 by ISO/IEC JTC1/SC7 and revised in 2011 and 2018. It was originally based on the earlier BS 15000 that was developed by BSI Group.
Data governance is a term used on both a macro and a micro level. The former is a political concept and forms part of international relations and Internet governance; the latter is a data management concept and forms part of corporate data governance.
International standards in the ISO/IEC 19770 family of standards for IT asset management address both the processes and technology for managing software assets and related IT assets. Broadly speaking, the standard family belongs to the set of Software Asset Management standards and is integrated with other Management System Standards.
An environmental audit is a type of evaluation intended to identify environmental compliance and management system implementation gaps, along with related corrective actions. In this way they perform a function analogous to financial audits. There are generally two different types of environmental audits: compliance audits and management systems audits. Compliance audits tend to be the primary type in the US or within US-based multinationals.
Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core of ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.
The ISO/IEC 27000 family comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and promote standards in the fields of information and communications technology (ICT).
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
ISO/IEC 38500 is an international standard for Corporate governance of information technology published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard is heavily based on the AS 8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology, originally published in January 2005.
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.
ISO/IEC JTC 1/SC 39 Sustainability for and by Information Technology is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that develops and facilitates standards within the field of sustainability and resource efficiency through Information Technology. The international secretariat of ISO/IEC JTC 1/SC 39 is the American National Standards Institute (ANSI), located in the United States.
Note: This special working group has been disbanded.
ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 40 develops and facilitates the development of international standards, technical reports, and technical specifications within the fields of IT service management and IT governance, with a focus in IT activity such as audit, digital forensics, governance, risk management, outsourcing, service operations and service maintenance. The international secretariat of ISO/IEC JTC 1/SC 40 is Standards Australia (SA), located in Australia.
The Open Trusted Technology Provider Standard (O-TTPS) is a standard of The Open Group that has also been approved for publication as an Information Technology standard by the International Organization of Standardization and the International Electrotechnical Commission through ISO/IEC JTC 1 and is now also known as ISO/IEC 20243:2015. The standard consists of a set of guidelines, requirements, and recommendations that align with best practices for global supply chain security and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products. It is currently in version 1.1. A Chinese translation has also been published.