AS 8015

AS 8015-2005: Australian Standard for Corporate Governance of Information and Communication Technology is a technical standard developed by Standards Australia Committee IT-030 and published in January 2005. The standard provides principles, a model and vocabulary as a basic framework for implementing effective corporate governance of information and communication technology (ICT) within any organization. [1] [2] The standard was the first "to describe governance of IT without resorting to descriptions of management systems and processes." [3] AS 8015 later became the catalyst and main foundation for the creation of the international ISO/IEC 38500:2008 Information technology — Governance of IT for the organization standard. [4] [5]

History

The collapse of the dot-com bubble in the early 2000s brought demands for greater corporate disclosure and accountability. The costly failure of many information technology (IT) initiatives led many to blame poor corporate and information governance. [1] One body that answered the call for new IT management and governance standards was the non-government standards development organization Standards Australia. An IT Management and Governance working group called IT-030 was announced in July 2002 [6] and fully formed in August. [7] The committee which drafted and recommended the publication included representatives from over 30 organizations, including the Australian Computer Society, the Australian Bankers Association, the Australian Institute of Company Directors, and Australia's Department of Defence. [1] One of IT-030's first substantial meetings was held in Sydney on September 24–26, with the goal of using a qualitative survey to gauge interest in developing a full standard. [8] [9] Those findings were discussed at a follow-up meeting in Canberra on September 30, where it was agreed that "'Governance of Information and Communications Technologies' would be a more accurate reflection of the emerging scope of the standard." [9] By late January 2003, draft documents of the standard began to appear. [10] By September 2004, the draft standard was being presented at the 2004 Australian Computer Society National Conference in Melbourne, and submitted comments were being resolved, with an eye on a late 2004 publication. [11] [12] The final version was published in January 2005. [1]

The standard

The 12-page standard places responsibility for ICT firmly within the hands of the organization, and "[i]t involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans." [12] It features six main principles of quality governance of ICT: [1] [12]

  1. Clearly delineate responsibilities for ICT.
  2. Carefully plan ICT to best support the organization.
  3. Ensure the acquisition of ICT is valid.
  4. Ensure implemented ICT performs as expected, if not better, when needed.
  5. Verify that ICT conforms to a set of formal rules.
  6. Ensure ICT respects human factors.

It also includes a model showing how directors should evaluate and monitor their organization's use of ICT in response to the pressures and demands placed on the organization. The standard also lays out a vocabulary that helps reconcile earlier standards with AS 8015. [1]

As one of the first standards to lay out IT governance so simply, AS 8015 strongly influenced the development of ISO/IEC 38500:2008 Information technology — Governance of IT for the organization, an international standard that went on to make "a clear distinction between governance and management." [4] [5]

References

  1. da Cruz, M. (2006). "10: AS 8015-2005 - Australian Standard for Corporate Governance of ICT". In van Bon, J.; Verheijen, T. (eds.). Frameworks for IT Management. Van Haren Publishing. pp. 95–102. ISBN 9789077212905. Retrieved 23 June 2016.
  2. McKay, A. (2007). "Australia leads the world on ICT governance". Up. 8 (Summer 2007): 3. Archived from the original (PDF) on 11 September 2009. Retrieved 23 June 2016.
  3. Juiz, C.; Toomey, M. (2015). "To Govern IT, or Not to Govern IT?". Communications of the ACM. 58 (2): 58–64. doi:10.1145/2656385. S2CID 34086325.
  4. Smallwood, R.F. (2014). "Chapter 10: Information Governance and Information Technology Functions". Information Governance: Concepts, Strategies, and Best Practices. John Wiley & Sons, Inc. pp. 189–206. ISBN 9781118421017. Retrieved 23 June 2016.
  5. Toomey, Mark (20 November 2008). "A Significant Achievement" (PDF). The Infonomics Letter. Infonomics Pty Ltd. Archived from the original (PDF) on 15 August 2016. Retrieved 23 June 2016.
  6. Mills, Kelly (18 July 2002). "National guidelines for IT on their way". IT World Canada. IT World Canada, Inc. Archived from the original on 23 June 2016. Retrieved 23 June 2016.
  7. "Fact Sheet - IT Management and Governance (Z0001)". Standards Australia. 13 August 2002. Archived from the original on 1 July 2005. Retrieved 23 June 2016.
  8. "IT-030 ICT Governance and Management". Standards Australia. Archived from the original on 1 July 2005. Retrieved 23 June 2016.
  9. da Cruz, Marghanita. "Market Research into perceptions about the governance of Information and Communication Technologies". Ramin Communications. Archived from the original on 25 August 2023. Retrieved 25 August 2023.
  10. "IT-030 Archived Documents". Standards Australia. Archived from the original on 24 August 2006. Retrieved 23 June 2016.
  11. da Cruz, Marghanita (2004). "Draft Australian Standard for the Corporate Governance of ICT". Ramin Communications. Archived from the original on 25 August 2023. Retrieved 25 August 2023.
  12. da Cruz, Marghanita. "AS 8015 (2005) - Australian Standard for Corporate Governance of ICT". Ramin Communications. Archived from the original on 25 August 2023. Retrieved 25 August 2023.