IT principles

Reading COBIT 5 inspires me to revive a project of mine: Direct, a policy framework for IT. As part of that exercise, I want to collect a generic set of fundamental IT principles, akin to the list of generic IT objectives in COBIT 4 and 5.

So what are the axioms that underpin the operation of an IT business or business unit?

Many of these will not be universal principles that apply in every case, but I want to find the common ones, the generally accepted ones, that an organisation can pick and choose from.

Please contribute your ideas by commenting here or tweeting to @theitskeptic or contact me.

Here are some starters:

  1. Balance the enabling of new business value against the risk to existing information and systems (in ITIL Service Operation 3.2.2: balance between responsiveness and stability)
  2. Balance service quality and cost (Service Operation 3.2.3)
  3. Balance reactive vs proactive (Service Operation 3.2.4)
  4. Balance IT view vs the external business view (Service Operation 3.2.1)
  5. Accountability for IT rests with the wider organisation
  6. IT exists to provide information services to its customers
  7. IT exists to provide information services to its customers and to protect the organisation's informational assets and investments ("protect and serve")

This list is pretty lame; it is intended just to get you going. Please contribute your ideas on the sort of fundamental IT principles that should drive policy.

I'll add them here and contribute them to Back2ITSM.


Design, Build, Operate

IT Seeks to:

Design solutions in support of expressed business needs;
Build these solutions in alignment with the availability, capacity and functionality needs of the business;
Operate solutions in an effective and efficient manner, maintaining the required access and uptimes.

IT Provides:
A secure, robust IT infrastructure;
Subject Matter expertise to interpret business needs and analyze the existing and emerging technology platforms to provide cost effective solutions;
Provide services in alignment to the ongoing needs and requirements of the business;

Nice, thanks Glen
To which I'd add: to protect and serve, a balance of risk and value.

Provide Expert Judgement

I think one more overarching principle is to provide expert judgement related to technology and industry evolution. (relevant to your organization)

Senior IT Managers need to clearly express when technical solutions will support the business or are no longer fit for purpose.

The concept of expertise in our vertical is one we often overlook as a service we provide. To be a trusted partner within the business you need to be able to communicate what is possible and what is not, in clear "jargon free" language.

Maybe the principle is to use expert judgement to interpret business requirements, identify risks, assist with defining the level of acceptable risk from an IS/IT point of view; and develop solutions that fit this risk appetite.

10 more IT principles

James Robertson at StepTwo Designs lists these 10 (see the article for full discussion of them)

recognise (and manage) complexity
focus on adoption
deliver tangible & visible benefits
prioritise according to business needs
take a journey of a thousand steps
provide strong leadership
mitigate risks
communicate extensively
aim to deliver a seamless user experience
choose the first project very carefully

Thanks to @BGInfoSecKnight


IT will produce reporting for key stakeholders in order to enable good decision making regarding governance and management of IT.

While this may be a subset of the external vs internal view of IT, it still needs to be called out.

Keep it simple

Keep it simple.

This is a great set of principles, thank you @BGInfoSecKnight

IT Principles

Governance criteria for Technology: Technology made available to the business to exploit efficiencies & connectivity balanced against the realities such as ease of use and reliability (e.g. utility & warranty) (The ITDYNMICStm governance framework)

IT Principles

Mapping the 6 layers (ownership, business processes, applications, systems, hardware and infrastructure) and corresponding elements (people, process and technology) is an important framework for understanding how the business works, and determine the IT assets & enablers that make the business work (OBASHI)

How about: "IT will seek customer participation/input whenever feasible/possible". I've seen it happen a lot where, for example, there is no customer participation in the CAB, or during the Service Design process.

My 2.
