CITO juggling ICT on one foot, on a wall

Information & Communication Technology

Australian Standard

AS8015: Australian Standard for Corporate Governance of Information and Communication Technology was published in 2005.

The Australian Standard was adopted as a international standard ISO/IEC 38500: Corporate governance of Information Technology in 2008.

A popular enthusiasm for new technology, has made the objective evaluation of Information and Communication Technology (ICT) difficult. Audit reports into government projects, academic studies and ongoing media coverage (1) demonstrated that the approach to ICT wasn't satisfactory.

While significant financial and organisational investments were made, many ICT projects ended in failure and returned very little to the enterprise.

The use of ICT has become intrinsic to business operations and vital to the well being of organisations. Increasingly, customers and suppliers expect to do business over the Internet. As new business practices continue to be driven by developments in ICT, the threats and opportunities it offers to organisations need to be monitored and managed effectively.

Work which was to lead to the publication of AS8015 - 2005 Australian Standard for Corporate Governance of ICT commencd in 2002. The bubble had burst in 2000 and household names such as HIH, Ansett One.Tel, Enron and Worldcom had failed.

AS8015-2005, was published in January 2005. It is a brief and concise, 12 page guide to effectively governing the use of ICT. This standard positions the governance of Information and Communication Technology, within organisations, a Corporate Governance function.

"Corporate Governance of Information and Communication Technology (ICT) is the system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization." - AS8015:2005

The AS8015 framework provides a model, vocabulary and six Principles for Good Governance of ICT

  1. Establish Clearly Understood Responsibilities for ICT
  2. Plan ICT to best support the organisation
  3. Acquire ICT validly
  4. Ensure that ICT performs well, whenever required
  5. Ensure ICT conforms with formal rules
  6. Ensure ICT respects human factors

The standard provides a framework for "Directors", those to whom they turn to for advice or those to whom they delegate responsibilities for managing the Security, Finances, IT strategy and operations of the organisation, such as Senior managers, technical specialists, vendors and service providers, to meet their obligations for the use of ICT in their organisations.

Relation to other Standards

AS8015 provides a context for existing management methodologies - specifically identifying four standards ISO 27000 (security management), ISO 9000(quality management), ISO 20000(service management) and AS4360 (Risk Management). It also identifies areas of Legislation which affects the ICT may be used - such as record keeping, trade practices, intellectual property and privacy.


AS8015 was submitted for fast-track ISO adoption and published, largely unchanged, as ISO/IEC 38500:2008 Corporate governance of information technology in May 2008.

Project and Operations Governance Standards

The AS8015 model categorises ICT activities into projects and operations - A Draft standard for "Corporate governance of projects involving information technology investments" was issued for public comment in August 2008.

Interim Australian/New Zealand StandardTM Corporate governance of projects involving information technology investments AS/NZS 8016(Int):2010 Expires 18 February 2012 Download Free Preview

Our Involvement

Ramin Communication's principal consultant, Marghanita da Cruz, joined the Standards Australia IT Governance working group in 2002. Marghanita instigated and co-ordinated market research to position and scope the work of the group. Between 2003 and 2006, Marghanita represented the Australian Computer Society (ACS) on the Standards Australia IT-030 ICT Governance and Management Committee. Marghanita established the ACS's Governance of ICT committee in 2003, and chaired it until 2006. In 2004, with the support of the ACS, Marghanita presented a series of seminars, to socialise and seek feedback on the draft standard for corporate governance of information and communication technology.

In 2005, Marghanita established the ICT Governance Forum online discussion list.

In 2006, Marghanita wrote the chapter on the Australian Standard for Cover of Frameworks for IT ManagementFrameworks for IT Management. Frameworks for IT Management, the book is also available in Japanese, German and Chinese and a Pocket Guide in English and Dutch.

Interview with GRC-ME (May 2010)

Further Reading

Contact for More Information

Marghanita da Cruz
Telephone: (+61) 0414 869 202
Post: PO Box 341 Annandale NSW Australia 2038