IT Governance Blog on IT governance, risk management, compliance and information security.

BSI (British Standard Institute) has just released a new version of the first part of its project management standard, BS6079. It might come as a surprise to some that there is even a standard for project management available considering frameworks, such as PMBOK and PRINCE2^™, exist.

On closer investigation it becomes clear there are quite a few standards on project management available, both from BSI and International Standards Organisation (ISO), all of which can be found on our website.

(more…)

CEH, CHFI, ECSA, ENSA, and Security5

The EC-Council, one of the leading certification bodies for the IT security industry, offers a wide range of professional certifications for security professionals. Amongst these are many different levels of qualification.

Career Academy have launched a range of EC-Council endorsed courses that cover a wide selection of these qualifications. All of the current Career Academy (EC-Council endorsed) courses are now available from IT Governance’s EC-Council Campus.

Read on for details of the EC-Council qualifications with available e-learning courses.

(more…)

With the launch of the new ISO 20000-5 standard, new advice and guidance on how to implement a service management system (SMS) than ever before is now available. What does the new standard deliver? Well, it offers the following advice and guidance:

• An exemplar implementation on how to implement an SMS that meets the requirements of ISO 20000-1
• It adds additional guidance on how to achieve ISO 20000-1 certification
• Offers advice and guidance to service providers on how to plan and implement improvements
• It includes advice on development of a business case, the start up project, and a list of the main activities required to implement ISO 20000-1 successfully
• Additional  topics covered include developing objectives, developing policies, document and record management. Sample process documentation is also included.

(more…)

I am now nearing the end of my ITILv3 Foundation studies, having used one of the market-leading distance learning courses http://www.itgovernance.co.uk/products/1359 to study for the exam. So, the thing that next springs to mind is what to study for next, and how to study?

With this conundrum in mind, I am faced with an enviable task as I work for the leading reseller of IT governance-related classroom and distance learning courses. Which option to choose next, I ask myself?

To be honest, I fancy progressing my ITIL studies on to the next level, Intermediate, as most people will after completing their Foundation studies. The ITILv3 Intermediate qualifications are structured around two streams, the Lifecycle and the Capability streams. You can take courses from either stream to count toward your ITIL Expert certification.
(more…)

No one could have failed in recent weeks to either have noticed, or in some way be affected by, the shutdown of most of European airspace caused by the volcanic ash crisis.

Whether you have been travelling during the recent disruptions and caught abroad, wanting to procure vegetables or perishable goods from far-flung parts of the world, or simply waiting for a letter from a foreign country, the situation is sure to have impacted on your professional and personal life in some way.

With so many organisations now depending on global supply lines, it is perhaps surprising that not more organisations have taken into consideration how scenarios like the volcanic ash crisis could affect them.

Having read a recent article by the chair of the technical committee that originated the new International Standard for risk management (ISO 31000), Kevin Knight, puts the reasons for this failure down to boards and top management failing manage risk effectively.

Knight goes further to give an example of how United Parcel Service (UPS), an organisation with a strong culture of risk management at its heart, coped with the crisis and was able to still continue its operations, when other organisations were totally disabled by the crisis.

Clearly, risk is part of the everyday operations of many organisations. Without risk and risk-taking, there is never likely to be any reward or progress. But risk needs to be managed and minimised, so that opportunities can be exploited.

ISO 31000, the new International Standard for risk management, provides the framework, process and principles for the effective management of risk. ISO 31000 is different from other risk management frameworks, where the emphasis is shifted very much from the actual disaster or event, to dealing with the effects of the uncertainty on organisational objectives.

In combination with the other standards in the ISO 31000 family, all of which are available in the ISO 31000 Risk Management Kit, ISO 31000 enables organisations to comprehend the risk involved in achieving their goals and ensure they manage their risks so as to ensure a successful outcome, just like UPS.

The advancement and easy availability of new and useful technologies today has enabled thousands of organizations worldwide to implement and become heavily dependent on technology for their business needs. Information technology (IT) has invaded and proved its immense benefits even in the smallest of organizations. Nowadays it is not possible to run any organization, small or large, without the use of some computer or telecom-related technology. Today many organizations can easily afford to buy the necessary computers, software, telecommunications, etc, for running their businesses. But they do not understand the need for managing their IT implementation or ongoing maintenance properly due to numerous reasons, including lack of appropriate knowledge. For example, a small business owner may buy a single computer initially for general use. After seeing the benefits of using computers, he may immediately decide to buy 25 more for his staff. Within a short time his business will be computerized, and very soon IT support headaches will enter the business. Using a computer may be easy, but maintaining a computer system is a complicated task. Users may suddenly experience crippling virus attacks, equipment failures, software licensing issues, data corruption, data loss, backup issues, upgrade issues, and so on. They may not be in a position to support and maintain a computer network. Overnight, a smart purchasing assistant may undergo a crash course in computer maintenance, or buy a book called ‘Computer Maintenance for Dummies,’ and soon will be given the responsibility for technical support of the business along with his other responsibilities. This is how IT departments start in thousands of organizations. However, this sort of approach will lead to major and uncontrollable issues later.  
(more…)

If you are looking for a quick reference to PMBOK, or for a concise introduction to the subject, this must-have pocket guide is for you!

Use it in tandem with PMBOK Guide, Fourth Edition to get an as complete understanding of the methodology as possible.

The Project Management Institute (PMI) has recently released the latest version of its Project Management Body of Knowledge (PMBOK) project management methodology. The latest version was published in the form of the PMBOK Guide, Fourth Edition.

The key changes that have been made to the latest version of PMBOK are as follows:
(more…)

ISO 9001:2000 has now been withdrawn and replaced by the 2008 version of the standard. ISO 9001:2008 has been updated taking into account the latest in best practice and feedback from a rigorous review process that involved high-level industry experts.

The changes that have been made in ISO 9001:2008 are not radical in themselves, they are mainly changes that provide clarification and make the standard more compatible with ISO 14001. Organisations that are currently certified to the 2000 version of the standard need to update their certifications to the new version.
(more…)