
GRC Institute

ISO/IEC 38500 Workbook

What is this workbook?


This workbook is a collection of tools and templates that you can use to document how closely an IT department
aligns with the six key principles that have been identified by the ISO/IEC 38500 task force, as well as to plan
how and when to act in accordance with the three-step approach.

Who is this workbook for?


The workbook provides guidance to:

IT professionals, senior managers, executives, directors

Members of groups monitoring the resources within the organization

External business or technical specialists, retail associations, professional bodies

Vendors of hardware, software, communications, and other IT products

IT auditors

External service providers, such as consultants

How should I use this workbook?


This workbook has been designed to be used as a pre-planning checklist to help focus planning on the most
critical areas. The ISO/IEC 38500 standard is invaluable in bringing focus to the key principles that drive IT
departments in both large and small organizations, whether they are private, public, non-profit, or government
entities. Please note, however, that this document is not a replacement for a more detailed, structured, and
comprehensive strategic planning exercise.

International Copyright GRC Group, 1360 Clifton Avenue, Mail Stop 163, Clifton, New Jersey 07012.
email@grcg.com.

Principle 1: Example

This is an example for illustrative purposes only.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Area: Current IT Environment
Items: Infrastructure; Business Objectives; Projects; Staff

Evaluate the current and future use of IT
  Task within Model Area                              Date Start  Frequency  Responsibility and Sign-off
  Review Infrastructure                               1/09        Yearly     IT Committee
  Evaluate current business needs/objectives          1/09        Qtrly      IT Committee
  Map all IT projects to objectives                   1/09        Qtrly      IT Committee
  Evaluate staff roles/capabilities for each project  1/09        As needed  IT Committee

Direct preparation and implementation
  Task within Model Area                              Date Start  Frequency  Responsibility and Sign-off
  Provide business objectives to identified managers  2/09        Qtrly      IT Committee / Steering Committee
  for project selection and implementation
  Provide reporting expectations for project updates  2/09        Qtrly      IT Committee / Assigned Managers

Monitor conformance and performance
  Task within Model Area                              Date Start  Frequency  Responsibility and Sign-off
  Review Steering Committee minutes                   4/09        Qtrly      IT Committee / Assigned Managers / Steering Committee
  Review project budgets and timelines                4/09        Qtrly      IT Committee / Steering Committee / Assigned Managers
  Review outcomes versus expectations                 4/09        Qtrly      IT Committee / Steering Committee / Assigned Managers
  (meet business objectives)


Principle 1: Responsibility

Individuals and groups within the organization understand and accept their responsibilities with respect to the supply of, and demand for, IT. Those with
responsibility for actions also have the authority to perform those actions.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)


Principle 2: Strategy

The organization's business strategy takes into account the current and future capabilities of IT. In addition, the strategic plans for IT satisfy the current and
ongoing needs of the organization's business strategy.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)


Principle 3: Acquisition

IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision-making. There is an appropriate
balance among benefits, opportunities, costs, and risks, in both the short term and the long term.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)


Principle 4: Performance

IT is fit for purpose in supporting the organization, and providing the services, levels of service, and service quality required to meet current and future business
requirements.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)


Principle 5: Conformance

IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented, and enforced.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)


Principle 6: Human Behavior

IT policies, practices, and decisions demonstrate respect for human behavior, including the current and evolving needs of all the people in the process.

Model Domains: Evaluate the current and future use of IT | Direct preparation and implementation | Monitor conformance and performance

Action Steps Corresponding to Each of the Areas Listed

Columns: Action Area/Specific Items, then for each model domain: Task within Model Area | Date Start | Frequency | Responsibility and Sign-off

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

Area: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
Item: ___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________
___________ ____________ _____ _____ _____________ _____________ _____ _____ _____________ _____________ _____ _____ ____________

(Use additional pages as needed)
