IT Services Governance: The Big Rules

I recently interviewed Bill Godfrey, CIO at Dow Jones, for a story I’m writing. Smart guy. We started talking about enterprise architecture and governance and he mentioned that he had developed a set of “Big Rules” for managing IT.

I was intrigued by the idea of creating a document that describes how IT is purchased, developed, installed and run. Seems like an impossibly complex task. But Bill did it. He generously agreed to share it with you.

Imagine being able to give businesspeople a single document that explains how IT works and what they need to do to get a project approved. Could be a great tool for building relationships with the business. Bill is looking for feedback on it, so please post comments.

INFORMATION TECHNOLOGY SERVICES GOVERNANCE

‘THE BIG RULES’

STRATEGIC PLANNING

• All technology divisions will have a documented Technology Plan.
• All technology divisions will have published goals and objectives.

PRODUCTION PRIORITIZATION

• Severity One production problems take resource precedent over all else. Management and staff will work on Severity One problems immediately and continually until resolved.

ENTERPRISE ARCHITECTURE

• All technology divisions will have a documented high level architecture.
• All technology divisions will adhere to infrastructure standards or seek exception approval.
• All technology projects over $250K in total cost must be approved through the Early Look Architecture Zoning process prior to capital approval submission.

PROJECT MANAGEMENT

• 100% adherence to the DJ Project Management process for all non-trivial development projects (projects estimated to take more than two weeks of staff time).
• All development projects will have a specifically identified business sponsor and a specifically identified technology project leader prior to initiation.
• All development projects requiring infrastructure support will directly involve infrastructure support staff during project initiation, giving the infrastructure staff an opportunity to directly participate in the design of systems solutions.

TIME MANAGEMENT

• All staff time will be appropriately entered into the IT Time Reporting system on a weekly basis.

TECHNOLOGY BUSINESS MANAGEMENT

• As represented in approved budgets, technology costs will not exceed plan unless explicit approval is granted by the CIO.
• Technology contracts will be managed and approved through Business Management services.
• All 3rd party contractors/consultants will sign NDA’s, managed under the non-employee security policy, and managed through the DJ preferred vendor program.

CAPITAL APPROVAL MANAGEMENT

• All projects will adhere to corporate Expenditure Authorization processes (EAF).
• All projects are required to have appropriate ITLST sign-offs prior to business line submission.
• For all projects requiring CIO approval, all staff work and ITSLT approvals will be complete prior to seeking CIO approval.
• Any project with a total cost of > $250K will be submitted to Finance for formal business case review.

REQUESTING PROPOSALS FROM 3RD PARTIES

• All requests for proposals from 3rd parties will be reviewed and approved by the CIO prior to execution.
• All requests for proposals from 3rd parties which could have DJ infrastructure implications will be reviewed and approved by Technology Engineering Services prior to execution.

RELATIONSHIP MANAGEMENT

• Business Technology Directors are 100% accountable for all technology, direct and indirect, in support of the business lines they support.
• Business Technology directors ‘own’ all business application vendor relationships.
• Enterprises Technology directors ‘own’ all infrastructure vendor relationships.

INFRASTRUCTURE MANAGEMENT

• Enterprise Infrastructure Services is 100% accountable for the DJ global infrastructure.
• Enterprise Information Services is the only organization that makes infrastructure decisions.
• Enterprise Information Services owns and manages all infrastructure capital.

COMPLIANCE WITH AUDIT, REGULATORY, LEGAL

• Information Technology Services will comply will all audit, regulatory and legal requirements.
• The IT senior leadership team is accountable for compliance.

OPERATIONS PROCEDURAL COMPLIANCE

• 100% compliance with Enterprise Change Control policy and procedure.
• All production applications will be supported by a Service Level Agreement.

INFORMATION SECURITY

• All technology staff will comply with the Dow Jones Information Security Policy.
• Information Security approval must be secured prior to implementing new technology or making major enhancements to existing technology. This review and approval is to take place before any informal or formal obligations are made between DJ and a supplier.
• All credential and access management to a financially significant application will be managed and controlled through Information Security.

SARBANES-OXLEY COMPLIANCE

• 100% compliance to all Sarbanes-Oxley controls
• All IT leaders will be thoroughly familiar with the IT General Control Policies; governance, project management, operations, access control and data management.
• All IT leaders, supervisor and above, are responsible and accountable for SOX compliance across their respective areas of control.