Information Technology Reference
In-Depth Information
Appendix G: iA Standards
Best practices references
Most people like the concept of
best practices
; the phrase has a nice sound and rings
of perfection as well as a
Ka-Ching!
price tag. As one executive put it as he inter-
rupted a presentation on best practices, “Stop right there! I can't afford best prac-
tices! I don't want best practices! I want
good enough
practices!” Although not likely
to build a successful marketing campaign with the tagline of “Buy our services
'cause they're darn well good enough!” one does understand the executive's posi-
tion. So, talk about best practices, but understand that in many situations
adequate
practices
are the compromise between cost and benefit.
Like so many popular buzz phrases, the meaning of
best practices
is vague. A
mention of best practices is the same as saying
they
,
he
,
she
, or some other indefinite
reference. The question is: What are best practices? Where does one find them?
Who else thinks they are best practices? The table below provides some references
to best practices and their sources. Each is a best practice according to the beholder.
ISO does not carry a lot of weight in the U.S. defense arena; they look more to
DoD Instructions and Directives. U.S. DoD Instructions do not carry a lot of
weight with an Australian company doing business on three continents.
Table G.1 provides the beginning of an IA standards best practices reference.
There are many IA standards; the applicability of any particular one is organiza-
tional and situational dependent. Commercial organizations tend toward interna-
tionally accepted standards like ISO or legislatively driven standards like COBIT.
489
