Reading COBIT 5 inspires me to revive a project of mine: Direct, a policy framework for IT. As part of that exercise, I want to collect a generic set of fundamental IT principles, akin to the list of generic IT objectives in COBIT 4 and 5.
So what are the axioms that underpin the operation of an IT business or business unit?
Many of these will not be universal principles that apply in every case, but I want to find the common ones, the generally accepted ones, that an organisation can pick and choose from.
Here are some starters:
- Balance the enabling of new business value against the risk to existing information and systems (in ITIL Service Operation 3.2.2: balance between responsiveness and stability)
- Balance service quality and cost (Service Operation 3.2.3)
- Balance reactive vs proactive (Service Operation 3.2.4)
- Balance IT view vs the external business view (Service Operation 3.2.1)
- Accountability for IT rests with the wider organisation
- IT exists to provide information services to its customers
- IT exists to provide information services to its customers and to protect the organisation's informational assets and investments ("protect and serve")
This list is pretty lame; it is intended just to get you going. Please contribute your ideas on the sort of fundamental IT principles that should drive policy.
I'll add them here and contribute them to Back2ITSM.