Internal Context

Governance

Organisational governance is defined as “a system by which an organisation makes and implements decisions in pursuit of its objectives.” Organisational governance is achieved by a mix of standards, rules, processes, practices, and technology platforms that support maturity in governance.

In view of the enhanced role of ICT in achieving the business mission and objectives, governance of IT and of information security is considered a subset or domain of organisational (entity) governance. Definitions of governance in the specific context of IT and information security are provided in ISO/IEC 26000, ISO/IEC 38500:2015 and ISO/IEC 27014:2020.

  • Governance of Enterprise IT deals with the resources required to acquire, process, store and disseminate information.

  • Enterprise Information Security Governance deals with assurance of information confidentiality, integrity and availability, and with effective communication of that assurance to the various external stakeholders.