IT Governance Blog on IT governance, risk management, compliance and information security.

ISO/IEC 38500:2008 provides guiding principles for directors of organisations on the effective, efficient, and acceptable use of information technology (IT). These principles are designed to be used within an organisations.

Implementing an effective IT Governance framework, compatible with ISO38500, within an organisation has many benefits that can be directly attributed to bottom line savings.

(more…)

Order the ISO38500 IT Governance Framework Toolkit before midnight on Friday (19 February 2010) and receive a free copy of IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT!

The IT Governance Framework – Toolkit & Book Special Offer provides you with:

A single integrated framework that enables you to get the best out of: CobiT, ITIL, ISO27001/ISO27002, ISO20000, Prince2, PMBOK, TOGAF, IT Balanced Scorecards, the Zachman Enterprise Architecture, IT Portfolio Management, IT Dashboards and so much more,

• A framework to navigate your wide-ranging and complex strategic, risk management, compliance and operational needs;
• A step-by-step guide to cross-company implementation;
• Templates and assessment tools that will simplify many aspects of the process for you; and
• Practical guidance working with ISO/IEC 38500 and for integrating widely-used IT governance frameworks, including CobiT, ISO27001, ITIL and so on.
• A FREE copy of IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT when your order before midnight on Friday 19th February 2010!

(more…)

Meet compliance requirements for information security and PCI DSS with the help of our toolkits. There is currently added value offers available which expire at Midnight this Friday 19th February 2010!

Order before Friday and get 5 Pocket Guides FREE!

Purchase this toolkit before Friday and get PCI DSS: A Pocket Guide Free!

(more…)

“Using the templates, was the only way that we could deliver a 1st
edition ISMS in under 6 months. Our deliverable was a work in progress but
miles ahead of where they would have been without the templates.”

Tim Moreton, President, Moreton & Co., airlinetechnology.net.

These Toolkits currently have added value offers which expire on Friday 19th February 2010!

IT Governance Framework – Toolkit Free – Implementing Frameworks & Standards for the Corporate Governance of IT!	BS25999 BCMS Implementation Toolkit Special Offer Free- Disaster Recovery and Business Continuity Book!	Risk Assessment Best Practice Toolkit Free – Risk Assessment for Asset Owners: Pocket Guide!
No 3 ISO27001 Comprehensive ISMS Toolkit Free – 5 Essential Pocket Guides	Complete Data Protection Toolkit Free – Data Breaches Report worth £195!	PCI DSS v1.2 Documentation Compliance Toolkit Free PCI DSS: A Pocket Guide!

All our toolkits are thoughtfully packaged bundles of tools and resources
which help you to achieve your goal in a timely manner and within budget.
Created by subject matter experts who have had successfully
implementations, allow you to follow in their footsteps saving you time,
money and stress.
(more…)

Call our training team on +44 (0) 845 070 1750 to book and save today!

The next COBIT 4.1 Foundation Course (Official ISACA 2-day Course) will be in London (EC2M) next week – 8-9 February 2010. We only have a few seats remaining and the next 4 people to book by phone will save £100!

Have you ever wanted to know more about:

• How IT management issues affect an organisation;
• The principles of IT governance, how IT governance helps address IT management issues, and who should be responsible for IT governance;
• The need for a control framework driven by the need for IT governance;
• How COBIT meets the requirement for an IT governance framework;
• How COBIT is used with other standards and best practices;
• The COBIT framework and all the components of COBIT, which are control objectives, control practices, management guidelines, and audit guidelines;
• How to apply COBIT in a practical situation; or
• The benefits of using COBIT?

(more…)

• Is your business going to succeed or fail in the new age of intellectual capital?
• Will your board of directors meet its fiduciary responsibilities in terms of information technology?

If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business. Shareholder expectations of boards, and of the individual directors on boards, are clear:

• The board of directors will actually direct the management of the company, including strategic and IT business plans and fundamental structural changes;
• The board will see to the hiring of competent and honest business and IT managers;
• The board will understand the business of the firm and develop and monitor a business and IT strategy;
• The board will monitor the managers as they carry out the strategy and the operations of the company;
• When making a business decision, the board will develop a thorough understanding of the transaction and act in good faith, on an informed basis, and with a rational business purpose;
• The board will operate with basic honesty, care, and loyalty; and
• The board will take good-faith steps to make sure the company complies with the law.

These IT governance expectations demand an appropriate IT governance framework. That can be difficult and time-consuming to do from scratch.
(more…)

There hasn’t been a better time than now to purchase the No 3 ISO27001 Comprehensive ISMS Toolkit.

3 reasons to buy this toolkit during December:

1. Beat the VAT rise and save nearly £50!
2. Get a free 1 month Subscription to our KnowledgeBank!
3. Benefit from the recently added extra value resources!

(more…)

ISO 9001:2000 has now been withdrawn and replaced by the 2008 version of the standard. ISO 9001:2008 has been updated taking into account the latest in best practice and feedback from a rigorous review process that involved high-level industry experts.

The changes that have been made in ISO 9001:2008 are not radical in themselves, they are mainly changes that provide clarification and make the standard more compatible with ISO 14001. Organisations that are currently certified to the 2000 version of the standard need to update their certifications to the new version.
(more…)

Avoid Re-Inventing Existing Wheels

Every organization who licenses personal information about a resident of Massachusetts shall be in full compliance with 201 CMR 17.00 on or before March 1, 2010.

ISO/IEC 27001:2005 directly covers 95% of the 201 CMR 17.00 requirements without modification and with a few specific requirements added to support the prescriptive requirement to encrypt personal information, ISO/IEC 27001:2005 provides a truly comprehensive information security program that will stand-up to the next round of state and/or federal regulations.
(more…)

IT Governance produce and package many toolkits that fall within the broad range of IT governance subjects, including information security, compliance, risk management, ITIL, IT Service Management, Management Systems, Business Continuity, etc.

Below is a range of our most popular toolkits which are being used to accelerate compliance projects in organisations accross the globe.
(more…)