A Systems View of IS Governance and IT Governance: A Case Study of the Virginia Department of Transportation

Farkas, Bernard

01 January 2017

A review of the research related to Information Technology (IT) governance reveals that researchers have yet to use systems theory directly as a basis for understanding IT governance; however, analysis of these researchers’ various definitions of IT governance shows a concurrence between these definitions and the characteristics of a system. This case study research adopts a systems imagination to observe IS and IT governance in the Virginia Department of Transportation (VDOT), which has a budget of over $5 billion and over 7,500 employees and has recently conducted a strategic assessment of its IT organization - including IS and IT governance. The case study posits that VDOT is an indivisible, purposeful, goal seeking (teleological) system where (1) there are three peer elements (governance, management, and operations); (2) there is a governance feedback mechanism (auditing and monitoring); (3) there are peer areas within the governance element that are specialized for a VDOT asset (e.g., capital asset governance, financial governance, human resource governance, etc.) and IS governance is the peer area that is specialized for IT assets; and (4) there are sub-peer areas within IS governance that are specialized for an IT, and this specialized form of IS governance is named IT governance.

Systems Thinking

IS Governance

IT Governance

Case Study

Management Information Systems

Compliance issues within Europe's General Data Protection Regulation in the context of information security and privacy governance in Swedish corporations : A mixed methods study of compliance practices towards GDPR readiness

Stauber, Sebastian

January 2018

The European Union has introduced a new General Data Protection Regulation that regulates all aspects of privacy and data protection for the data of European citizens. To transition to the new rules, companies and public institutions were given two years to adapt their systems and controls. Due to the large area of changes the GDPR requires, many companies are facing severe problems to adapt the rules to be ready for enforcement. This marks the purpose of this study which is to look into compliance practices in the implementation of GDPR requirements. This includes a prospect of compliance mechanisms that may remain insufficiently addressed when the regulation comes into force on May 25, 2018. The study is conducted in Sweden and aims to investigate the situation in corporations and not in public institutions. Mixed methods have been applied by surveying and interviewing Swedish GDPR experts and consultants to gain an understanding of their view by using capability maturity scales to assess a variety of security processes and controls. The analysis shows a low implementation in GDPR requirements while having seen improvements over the past two years of transition. It points out that a holistic strategy towards compliance is mostly missing and many companies face obstacles that are difficult to overcome in a short period. This may result in non-compliance in many Swedish corporations after the regulation comes into force on May 25.

GDPR

Privacy

Data Protection

Information Security

Privacy Governance

Information Governance

IS Governance

IT Governance

IT Compliance

GDPR Implementation

Privacy Regulation

Economics and Business

Ekonomi och näringsliv