Administration of Sustainable Environmental Information ...Administration of Sustainable...

International Journal of Applied Environmental Sciences

ISSN 0973-6077 Volume 12, Number 1 (2017), pp. 57-97

© Research India Publications

http://www.ripublication.com

Administration of Sustainable Environmental

Information Technologies based on

COBIT5 E ISO 26000

Wilmer Braulio Rivas Asanza1, Ramiro Hernán Quezada Sarmiento2,

Edison Luis Lojan Cueva3, Nancy Magaly Loja Mora4,

Bertha Eugenia Mazon Olivo5.

1 Technical University of Machala, Ecuador. 2 Technical University of Machala, Ecuador. 3 Technical University of Machala, Ecuador. 4 Technical University of Machala, Ecuador. 5 Technical University of Machala, Ecuador.

Abstract

The study uses way as inputs of environmental aspects to the environmental

norm ISO 26000 and for Government aspects of IT to the frame of work Cobit

5.0:2012. This research work does not try to define what the best input would

be but to determine if it is feasible to incorporate aspects way environmental

into IT government and as study stage appeared to Cobit 5.0:2012 and the ISO

26000. This study work is one of the several for which environmental way will

change the input to itself of sustainability and the IT govern.

The study determines the activities of the environment and the IT government,

a mapping is realized to determine the activities of environment that are related

to those of IT government who allows to define limits to define the model of IT

government sustainable, this sustainable model will become stronger with

activities of IT government that need to be implemented by environmental

average approach, new activities of environment that joined IT government and

new process with targets I come up environmental for IT government.

The result of the work will allow to the companies to apply a IT government

frame with environmental average approach that they project to the sustainable

and efficient future, with aptitude to create managerial value for the

organizations and reduce costs to help to maintain the benefits.

Keywords: COBIT 5.0:2012, ISO 26000, Environment, Sustainability,

Government of Technologies of Information.

58 Wilmer Braulio Rivas Asanza et al.

INTRODUCTION

At present there are factors of risk of continuity of the business as: the deceleration in

China, the low oil prices and the geopolitical tensions. The International Monetary Fund

worried about these things warns the significant risks that run the main economies of

market and decrease of the world economic growth for 2016 and 2017, this current

economic environment, generates an ideal climate so that the organizations are

projected to a more sustainable and efficient future, with aptitude to create managerial

value for the organizations and reduce costs to help to maintain the benefits. [1 [] 2].

The sustainability is more and more important and it is considered to be a fundamental

competition of the high direction, it has a multidimensional affectation since it

generates changes in the commercialization, investment, innovation, managerial and

human conduct [2]

ISACA, in its article of sustainability [2], indexes the definition of the doctor

Norwegian Gro Harlem Brundtland where it indicates that the sustainability is “to

satisfy the needs for the present without compromising the aptitude of the future

generations to satisfy its needs” [3], while the International organization for

Standardization (ISO) and the European Union (EU) indicate that the sustainability

“implies a balanced approach so that the organizations integrate the worries of the

actors in the operations of the business, in a way that try to benefit the organization, as

well as to its internal and external actors” [4] ISACA 2011 supports that the

sustainability is related to the normative fulfillment, the managerial ethics and the

environment, as for the sustainability terminology that it relates to “Triple P” (persons,

planet and profit), “managerial social responsibility” (RSE) and “be ecological” [2]

The Technology has turned into an authentic strategic ally of the companies, beyond a

simple support. That's why it is necessary that the information Systems of the company

provide the value and the efficiency that both the business and the users demand. To

confirm it, it is advisable to realize first of all a process of evaluation and diagnosis of

the Government of the Information technologies (from now on, IT) of the organization.

The analysis of the IT Government, in the frame of a strategic reflection, is going to

allow identifying the valuable aspects according to the contribution of optimization of

the IT function inside the organizations that want to compete at the first level. [3].

In this stage, they introduce the concept of IT Government as the person in charge of

integrating and of institutionalizing good IT management practices to guarantee that

IT’s in the company are the targets of the business support them and one makes use to

the maximum of its information, the benefits are maximized, the opportunities are

capitalized and competitive advantages are gained.

The contribution of this work is a frame of IT Government of Sustainable which allows

focusing IT Government aspects with perspective Environmental Way generating a

contribution to the investigations in the field of computing sustainability.

Administration of Sustainable Environmental Information Technologies… 59

In this field the investigations show that [5], until the year 2011 there are multiple

efforts in Green IT but models are missing, [6]There is a study in which one determines

that only 36 articles have been published, in which the investigation is related to

technology and environment and they analyze many of them from the partial point of

view, for example they treat as computers more efficient “energetically” , servants'

virtualization and other most technical aspects that center on the components being the

same weakness of the sustainability without considering environmental way from an

integral aspect, [7] it realizes a mapping between COBIT5.0, COBIT4.1 and GRI G4

but it does not conclude with any model solution, [8] this one study checks IT out-

standing government frame, COBIT 5, to determine the grade in which one supports

dimensions of the sustainability, especially in the related thing to the acquisition, use

and disposition of the assets of IT. Based on the analyses, one concludes that COBIT

5 does not tackle appropriately the aspects of sustainability that the organizations face

nowadays.

COBIT 5.0 Sustainable Limitations. The authors of the reference [8] affirm that COBIT

5.0:2012 has a sustainability deficit, because this one marked of government it does not

bear in mind the environment and, partly, the social aspects of the triple line of base.

“This defeat owes principally to the absence between the environmental and social

alignment, and the needs and targets inside COBIT 5.0:2012” [9].

Square1: COBIT 5.0:2012 Limitations

No.° Limitations

1 The absence of emphasis on the attitude of the organization towards the

sustainability.

2 IT politics that surround the origin, use and disposition of the IT assets do not

bear in mind the sustainability.

3 The absence of emphasis on application of sustainable IT politics on the daily

operations of an organization.

4 The absence of emphasis on importance of the sustainable IT practices to

guarantee the safety of the environment.

5 The absence of consideration of the responsibility of the organization of the

society to act in a sustainable way.

6 The absence of considerations of insurance with a sustainable approach.

7 The absence of emphasis on the interdependences between the business and the

environment in which it operates

8 The sustainability is not considered like a problem of managerial management.

9 Lacking in support to the control and the application of the management of the

sustainable information

10 Narrow application to support the control and the implementation of an

information system, sustainable

Source: [8]


2. BACKGROUND

Develop the sustainability.

This is what it contributes, that an organization could attend to its needs, those of the

current generations and those of the future generations without these turning out to be

affected, across the delivery of economic, social and environmental benefits and this

way improve across the time the human and environmental well-being, therefore at

present the emergence of a new relation is valuable significantly between the man and

the environment, which is captured inside what comprises the sustainable development

in the last decade of last century and of the current one [10 [] 11] .

Sustainability tries to maintain a system with a complete structure across the time. A

sustainable system treats itself of surviving in not definite time, trying to avoid the

resources extinction while in the economic ambience it means that one prevents the

uses of resources from producing disruptions and collapses in the system [12].

Figure1:

Dimension of the sustainability business.

Source: The challenges for the sustainability business in the 21th century [10]

Norm ISO 26000

The norm ISO 26000 is a responsibility guide faced to the management of the integral

Social responsibility developed by means of the making and with a global approach, of

the multiple interested parts directed by the International organization of

Standardization (ISO) and that also it contributes to a sustainable development, since

includes social, economic and environmental ambiences.

The main target of this norm is offering support to the organizations so that they manage

to contribute to the sustainable development, in addition to serving like advice

instrument so that they could observe the social, environmental diversity, economic,

juridical, cultural, political and organizational of the countries in which they operate,

maintaining coherence with the international norms of behavior [15].

Economics

EnviromentSocial


Govern of IT.

IT government, there are relations and processes that help the organization to reach its

targets by means of the creation of value and establishment of a balance between the

risks, the comeback of IT and its processes in order to promote a desirable conduct on

the use of IT. That is to say that insures himself of evaluating the needs for the

interested parts, the conditions and options to determine balanced and of agreed form

the targets of the company that is chased; to establish the direction across establishment

of priorities and the decision making; monitoring the performance and the fulfillment

of agreed targets [16 [] 17] .

Sustainability in IT government context. “The Sustainability presented in IT

governments is a way in which these companies achieve major profitability, many

companies are creating structures of government that encourage the behavior that

takes to the attainment of the targets of yield of the business of the company” [18], by

what there is defined a government of sustainable IT as that one who encourages a

behavior wished in the use of IT

It is important to mention that sustainable IT “minimize the damage to the environment,

in addition to changing the way that the companies carry out its activities and they

invite the companies to promote low emission, as well as to save money and to leave a

less trace in the environment, while it strains for expiring with the corporate targets.”

[19]

It is necessary to emphasize that strategy of a IT sustainable debit to be aligned by the

strategy of sustainability of the whole company, for the purpose of minimizing the

negative economic, environmental and social impacts of an activity. [6]

Cobit5:2012.

It represents a frame for IT government, and the set of hardware destined to give

support to the managers to diminish any type of existing distance between the targets

of business, the technical questions and the businesses risks, also it allows the

development of political and good practices that guarantee a better control of the

technologies of information in any company or organization, emphasizing the

fulfillment of the regulations and of such a way supports in the creation of values of the

organization from IT, in the management of the risk and to guarantee the fulfillment,

continuity, availability, safety and privacy. COBIT5:2012 is the only frame that it

integrates several standard and IT better practices, since it includes all the knowledge

of the frame of ISACA [20].

Values: Relatively to the previous versions, COBIT5:2012 it presents new conceptual

ideas, between which he proposes the beginning that 3, [21] mention in Square 1.


Square 1: Beginning of COBIT5:2012.

No. Values Description

1 To satisfy the needs

for the interested

parts

It focuses so much in the targets in cascade as in the

value creation between the actors who can wait for IT

values variety.

2 To cover the

company end - a-

extremo

It indicates that COBIT does not focus only on IT

department, if not that in fact the whole company

includes for which also provides a handlebar for the

integration of the managerial management and the

creation of value by means of the specification of the

functions, to activities and relations.

3 To apply the only

reference frame

integrated.

It exhibits that the COBIT target is, to be a reference

frame and to facilitate an integration handlebar for its

use with other frames.

4 To make an approach

possible holístico

It exhibits as there are related the components of the

government of technologies of information and provide

a set of critical factors of success.

5 To separate the

government of the

management

It indicates that COBIT5:2012, the governance and the

management separates clearly.

Source: It governance implementation: a tool design of COBIT5 roadmap [21].

IT processes of Government of COBIT

According to [22], COBIT5:2012, it maintains separated the areas of government and

management, of which the government area is provided with five processes that the

called domino covers to evaluate, to direct and to continue (EDM) which are:

Domain Process Description of the process

EDM01 To guarantee the

configuration and the

maintenance of the

structure of government

He analyzes and articulates the requests for IT

government of the company and starts and

keeps the structures, processes and practices

effective facilitators, with clarity of the

responsibilities and the authority to reach the

mission, the goals and targets of the company

EDM02 To assure the benefits

delivery

To optimize the contribution to the value of

the business from the processes of business, of

IT services and things of IT of the investment

done by IT to a few acceptable costs

EDM03 To guarantee the risk

optimization

To make sure than the appetite and the

tolerance to the risk of the company be

understood, articulate and communicate and


that the risk for the value of the company

related to the use of IT is identified and

managed.

EDM04 To assure the resources

optimization

To assure that the suitable ones and enough

capacities related to IT (persons, processes

and technologies) are available for supporting

efficiently the targets of the company to an

ideal cost

EDM05 To guarantee the

transparence interested

parts

To make sure that the measurement and

making of reports as for conformity and IT

performance of the company are transparent,

with approval on the part of the interested

parts of the goals, the metric ones and the

necessary actions

Source: [23]

Mapeo between the activities of the process EDM01 of COBIT5:2012 and the guide of

social responsibility ISO26000:2010

COBIT5:2012

ISO26000:2010

EDM01 - to Assure the Establishment and Maintenance of the Frame of Government

To evaluate To face To supervise

1.

To a

nal

yze

and t

o i

den

tify

the

fact

ors

of

the

inte

rnal

and e

xte

rnal

envir

onm

ent

(leg

al,

contr

actu

al a

nd r

egula

tiv

e obli

gat

ions)

and t

enden

cies

in t

he

envir

onm

ent

of

the

busi

nes

s th

at

can i

nfl

uen

ce t

he

des

ign o

f th

e gover

nm

ent.

2.

To d

eter

min

e IT

rel

evan

cy a

nd i

ts r

ole

wit

h r

egar

d t

o t

he

busi

nes

s.

3.

To c

onsi

der

th

e ex

tern

al r

egula

tions,

leg

al a

nd c

ontr

actu

al o

bli

gat

ions

and t

o d

eter

min

e how

they

must

be

appli

ed i

n I

T g

over

nm

ent

of

the

com

pan

y.

4.

To a

lign t

he

use

and t

he

ethic

al p

rose

cuti

on o

f th

e in

form

atio

n a

nd i

ts i

mpac

t in

the

soci

ety,

in t

he

nat

ura

l en

vir

onm

ent

and t

he

inte

rest

s of

the

inte

rnal

and e

xte

rnal

inte

rest

ed p

arts

wit

h

the

targ

ets,

vis

ion a

nd d

irec

tion o

f th

e co

mpan

y.

5.

To d

eter

min

e th

e im

pli

cati

ons

of

the

envir

onm

ent

of

join

t co

ntr

ol

of

the

com

pan

y w

ith w

ith

regar

d t

o I

T.

6.

To a

rtic

ula

te t

he

beg

inn

ing t

hat

wer

e guid

ing t

he

des

ign o

f th

e dec

isio

n m

akin

g o

n I

T

gover

nm

ent.

7.

To u

nder

stan

d t

he

man

ager

ial

cult

ure

of

the

dec

isio

n m

akin

g a

nd t

o d

eter

min

e an

idea

l

model

in t

he

dec

isio

n m

akin

g f

or

IT.

8.

To d

eter

min

e th

e le

vel

s ad

apte

d f

or

the

del

egat

ion o

f au

thori

ty, in

cludin

g r

ule

s of

thre

shold

s, f

or

the

dec

isio

ns

of

IT.

1.

To c

om

munic

ate

IT b

egin

nin

g o

f th

e gover

nm

ent

and t

o a

gre

e w

ith t

he

exec

uti

ve

agen

t th

e

way

of

esta

bli

shin

g a

n i

nfo

rmed

and a

wkw

ard l

eader

ship

.

2.

To e

stab

lish

or

to d

eleg

ate

the

esta

bli

shm

ent

of

the

stru

cture

s, p

roce

sses

and p

ract

ices

of

the

gover

nm

ent

in l

ine

wit

h t

he

agre

ed b

egin

nin

g o

f des

ign.

3.

To a

ssig

n r

esponsi

bil

ity,

auth

ori

ty a

nd t

he

resp

onsi

bil

ity o

f w

hic

h t

her

e ar

e ap

pli

ed t

he

beg

innin

g o

f des

igns

of

gover

nm

ent,

the

agre

ed m

odel

s of

captu

re o

f dec

isio

n a

nd o

f

del

egat

ion.

4.

To g

uar

ante

e th

at t

he

mec

han

ism

s of

noti

fica

tion a

nd o

f co

mm

unic

atio

n p

rovid

e in

form

atio

n

adap

ted t

o t

hose

wit

h t

he

resp

onsi

bil

ity o

f th

e su

per

vis

ion a

nd d

ecis

ion m

akin

g.

5.

To f

ace

to t

he

per

sonnel

so t

hat

it

conti

nues

the

exce

llen

t guid

elin

es f

or

an e

thic

al a

nd

pro

fess

ional

beh

avio

r an

d t

o g

uar

ante

e th

at t

he

conse

quen

ces

of

not

fulf

illm

ent

are

know

n a

nd

be

resp

ecte

d.

6.

To f

ace

the

esta

bli

shm

ent

of

a sy

stem

of

rew

ard t

o p

rom

ote

the

des

irab

le c

ult

ura

l ch

ang

e.

1.

To e

val

uat

e th

e ef

fect

iven

ess

and y

ield

of

the

inte

rest

ed p

arts

in w

hic

h r

esponsi

bil

ity a

nd

auth

ori

ty h

as b

een d

eleg

ated

for

IT g

over

nm

ent

of

the

com

pan

y.

2.

To e

val

uat

e per

iodic

ally

if

the

mec

han

ism

s fo

r IT

gover

nm

ent

agre

ed (

stru

cture

s, b

egin

nin

g,

pro

cess

es,

etc

.) a

re e

stab

lish

ed a

nd o

per

atin

g r

eall

y.

3.

To e

val

uat

e th

e ef

fect

iven

ess

of

the

des

ign o

f th

e gover

nm

ent

and t

o i

den

tify

the

acti

ons

to

rect

ify a

ny d

evia

tion.

4.

To m

ainta

in t

he

super

vis

ion

on t

he

poin

t up t

o w

hic

h i

t. I

T s

atis

fies

the

obli

gat

ions

(reg

ula

tions,

leg

isla

tions,

com

mon,

contr

actu

al l

aws)

, in

tern

al,

stan

dar

d p

oli

tics

and

pro

fess

ional

guid

elin

es.

5.

To p

rovid

e su

per

vis

ion o

f th

e ef

fect

iven

ess

of,

and t

he

fulf

illm

ent,

wit

h t

he

syst

em o

f

contr

ol

of

the

com

pan

y.

6.

To s

uper

vis

e th

e ro

uti

ne

and r

egula

r m

echan

ism

s to

guar

ante

e th

at t

he

use

of

IT e

xpir

es w

ith

the

exce

llen

t obli

gat

ions

(reg

ula

tive,

leg

isla

tion,

com

mon,

contr

actu

al l

aws)

, st

andar

ds

and

guid

elin

es.

1. Company or Organization

1.1 To establish Timetable of

Activities.

1.2 Definition of the Intention of

the organization.

1.3 Analysis and Definition of the

Scope of the organization.

2. Recognition of Environmental responsibility

2.1 Recognition of the Interested

parts and its interests.


2.2 To identify the activities of

the organization and of the

interested parts.

2.3 To identify the laws and

applicable regulations.

2.4 To check the fulfillment grade

with regard to the environmental

laws.

2.5 To spread the relation

between the interests of the

interested parts and the

organization, as well as its

fulfillment grade with the

environmental laws.

3. Prevention of the contamination

3.1 To identify aspects and

impacts of the decisions and

activities.

3.2 To identify the sources of

contamination and residues.

3.3 To identify and avoid the use

of chemicals prohibited by the law.

3.4 To measure and register the

significant sources of contamination

and its risks in the environment.

3.5 To establish and implement

measurements to prepare the

contamination.


prevention programs before accidents.

3.7 To report about the significant

sources of contamination, risks and

adopted measurements.

4. Sustainable use of the resources

4.1 To identify the used natural

resources.

4.2 To measure, register and

inform the environmental impact of

the use of the natural resources.

4.3 To establish and to implement

efficiency measurements for the use

of natural resources.

4.4 To identify alternatives for the

sustainable natural resources consumption.

4.5 To establish evaluation

schemes to promote the sustainable

procurement.

4.6 To report about the use of natural resources, impacts and


5. Protection of the environment, the biodiversity and restoration of the natural habitats

5.1 Mitigation of the climate change

5.1.1 To identify sources of

emission of GEI (Gases of effect of

Hothouse).

5.1.2 To measure and register the

emission of GEI in the organization

and its environmental impact.

5.1.3 To establish and to implement

measurements to minimize and to

prepare the GEI emission in the

organization.

5.1.4 To identify aspects of the use of fuels with approach to the life


cycle and to implement programs of

efficient progress.

5.1.5 Rationalization of energy means inside the organization.

5.1.6 To inform the emission of

GEI in the organization and the


5.2 Adaptation to the climate change

5.2.1 To analyze and identify

irrigations and opportunities in the

environment and its possible climate

changes to minimize damages.

5.2.2 To establish and implement measurements for the adaptation

before the climate change.

6 Protection of the environment, the biodiversity and restoration of the natural habitats

6.1 To identify and take measures

on the possible impacts to the ecosystem.


Strategies of Administration of

Ecosystems.

6.3 To analyze, to Establish and implement measurements of

protection, of the possible affected

ecosystems.


measurements for the prevention

and minimization of the possible

impacts in the affected ecosystems.

6.5 Report of results and the

measurements taken before the

analysis of the possible affected

ecosystems.

7. Pursuit and Control

7.1 To realize reports of pursuit of

performance of the matters of

environmental responsibility.

7.2 To obtain cross-check of the

information obtained on the part of the interested parties and to exhibit

the points that are not included.

Source: Proper making based on the guide of social responsibility ISO26000:2010 [24] and COBIT5:2012 [23].


Mapping between the activities of the process EDM02 of COBIT5:2012 and the guide

of social responsibility ISO26000:2010

COBIT5:2012

ISO26000:2010

EDM02 - to Assure the Delivery of Benefits

EDM02.01 - to Evaluate EDM02.02 - to Face EDM02.03 – to

Supervise

1.

To u

nder

stan

d t

he

requ

ests

of

the

inte

rest

ed p

arts

; IT

str

ateg

ic t

op

ics

such

lik

e th

e d

epen

den

ce o

n I

T;

and

to

un

der

stan

d t

he

tech

nolo

gy a

nd

its

cap

acit

ies

consi

der

ing I

T c

urr

ent

and

po

ten

tial

im

po

rtan

ce f

or

the

stra

teg

y o

f th

e co

mp

any

2.

To u

nder

stan

d t

he

key

ele

men

ts o

f g

ov

ern

men

t n

eces

sary

fo

r th

e ef

fect

ive

tru

stw

ort

hy

, su

re d

eliv

ery

an

d c

ost

of

an i

dea

l val

ue

for

IT u

se o

f th

e se

rvic

es,

asse

ts

and e

xis

ting a

nd p

ote

nti

al

reso

urc

es.

3.

To u

nder

stan

d a

nd t

o d

iscu

ss r

egu

larl

y t

he

op

po

rtu

nit

ies

that

mig

ht

aris

e fr

om

th

e ch

ang

es e

nab

led

in

th

e co

mp

any b

y t

he

curr

ent,

new

or

emer

gen

t te

chnolo

gie

s

and o

pti

miz

e th

e val

ue

crea

ted

by

th

ese

op

po

rtu

nit

ies.

4.

To u

nder

stan

d w

hat

is

un

der

sto

od

by

val

ue

in t

he

com

pan

y a

nd

to

th

ink

ho

w o

f g

oo

d o

ne

has

co

mm

un

icat

ed,

un

der

stood a

nd a

ppli

ed a

cross

the

pro

cess

es o

f th

e

com

pan

y.

5.

To e

val

uat

e th

e ef

fect

iven

ess

of

the

inte

gra

tio

n a

nd

IT

ali

gn

men

t o

f th

e st

rate

gie

s in

th

e co

mp

any

an

d w

ith

th

e ta

rget

s of

the

com

pan

y t

o c

ontr

ibute

val

ue.

6.

To u

nder

stan

d a

nd t

o t

hin

k h

ow

eff

ecti

ve a

re t

he

roll

s, r

esp

on

sib

ilit

ies,

all

oca

tio

ns

and

cu

rren

t o

rgan

ism

s o

f d

ecis

ion m

akin

g a

ssuri

ng t

he

crea

tion o

f val

ue

of

the

inves

tmen

ts,

serv

ices

and a

sset

s o

f y

ou

.

7.

To

thin

k h

ow

quit

e al

ign

ed i

s IT

man

agem

ent

of

the

inv

estm

ents

, se

rvic

es a

nd

ass

ets

wit

h t

he

man

agem

ent

of

val

ue

and t

he

pra

ctic

es o

f fi

nan

cial

man

agem

ent

8.

To e

val

uat

e th

e al

ignm

ent

of

the

bri

efc

ase

of

inv

estm

ents

, se

rvic

es a

nd

ass

ets

wit

h t

he

stra

teg

ic t

arg

ets

of

the

com

pan

y;

wit

h t

he

finan

cial

and n

ot

finan

cial

val

ue

of

the

com

pan

y;

wit

h t

he

risk

, so

mu

ch f

rom

ser

vic

e as

to

th

at o

f th

e b

enef

it;

wit

h t

he

bu

sin

ess

pro

cess

es;

the

effe

ctiv

enes

s in

ter

ms

of

usa

bil

idad

, av

aila

bil

ity a

nd

resp

onsi

bil

ity;

and e

ffic

ien

cy i

n c

ost

ter

ms,

red

un

dan

cy a

nd

tec

hn

ical

hea

lth

. 1.

To d

efin

e an

d t

o c

om

mu

nic

ate

the

po

rtfo

lio

an

d t

he

typ

es o

f in

ves

tmen

t, c

ateg

ori

es,

crit

eria

an

d w

eig

hti

ng

rel

ativ

e to

the c

rite

ria

that

should

all

ow

punct

uat

ions

of

rela

tive

val

ues

. 2.

To d

efin

e th

e re

ques

ts f

or

the

ph

ase

chan

ges

(st

age-g

ate)

an

d o

ther

rev

iew

s fo

r th

e im

po

rtan

ce o

f th

e in

ves

tmen

t fo

r th

e co

mpany a

nd t

he

asso

ciat

e ri

sk,

tim

etab

le o

f th

e pro

gra

m,

pla

ns

of

fin

anci

ng

an

d t

he

del

iver

y o

f k

ey c

apac

itie

s an

d b

enef

its

and

th

e co

ntr

ibu

tio

n c

onti

nued

to t

he

val

ue.

3.

To f

ace

to t

he

dir

ecti

on

to

co

nsi

der

po

ten

tial

use

s o

f IT

in

no

vat

ors

th

at t

hey

sh

ou

ld m

ake

po

ssib

le t

hat

th

e co

mp

any a

nsw

ers

to n

ew o

pport

unit

ies

and c

hal

lenges

,

carr

ies

out

new

busi

nes

s, i

ncr

ease

s th

e co

mp

etit

iven

ess

or

imp

rov

es

its

pro

cess

es.

4.

To f

ace

the

nec

essa

ry c

han

ges

in

th

e al

loca

tio

n o

f im

pu

tati

on

s an

d r

esp

on

sib

ilit

ies

in t

he

exec

uti

on

of

the

bri

efca

se o

f in

ves

tmen

ts a

nd t

he

del

iver

y o

f val

ue

from

the

serv

ices

and b

usi

nes

s p

roce

sses

. 5.

To d

efin

e an

d t

o c

om

mu

nic

ate

at c

om

pan

y l

evel

th

e ta

rget

s o

f d

eliv

ery

of

val

ue

and

th

e re

sult

s m

easu

rem

ents

to

all

ow

an e

ffec

tive

contr

ol.

6.

To f

ace

the

nec

essa

ry c

han

ges

in

th

e p

ort

foli

o o

f in

ves

tmen

ts a

nd

ser

vic

es f

or

real

inea

rlo

s w

ith

th

e cu

rren

t an

d a

wai

ted t

arget

s of

the

com

pan

y a

nd/o

r it

s

lim

itat

ions.

7.

To r

ecom

men

d t

he

con

sid

erat

ion

of

po

ten

tial

in

no

vat

ion

s, o

rgan

izat

ion

al c

han

ges

or

op

erat

ive

pro

gre

ss t

hat

fro

m t

he

init

iati

ves

IT

could

im

pel

a v

alue

incr

ease

for

the

com

pan

y.

1.

To d

efin

e a

bal

ance

d s

et o

f ta

rget

s o

f p

erfo

rman

ce,

met

ric,

go

als

and

po

ints

of

refe

ren

ce.

the

met

ric

on

es s

ho

uld

cover

the

acti

vit

y a

nd t

he

resu

lts

mea

sure

men

t,

incl

udin

g t

he

ind

icat

ors

of

del

ay a

nd

of

adv

ance

of

the

resu

lts,

as

wel

l as

a s

uit

able

bal

ance

of

the

fin

anci

al a

nd

no

t fi

nan

cial

mea

sure

men

ts.

To c

hec

k t

hem

and t

o

agre

e th

em w

ith Y

OU

R f

un

ctio

ns

and

of

bu

sin

ess,

an

d o

ther

ex

cell

ent

inte

rest

ed p

arts

. 2.

To g

ather

the

per

tinen

t, o

pp

ort

un

e, f

inis

hed

, tr

ust

wo

rth

y a

nd

pre

cise

in

form

atio

n t

o r

epo

rt o

n t

he

adv

ance

s in

th

e val

ue

del

iver

y w

ith r

egar

d t

o t

he

targ

ets.

To

obta

in t

he

succ

inct

one,

of

hig

h l

evel

, fi

nis

hed

sig

ht

of

the

po

rtfo

lio

, p

rog

ram

an

d p

erfo

rman

ce I

T (

tech

nic

al a

nd

op

erat

ive

capac

itie

s) t

hat

support

the

dec

isio

n

mak

ing a

nd m

ake

sure

th

at t

he

awai

ted

res

ult

s ar

e ac

hie

ved

. 3.

To o

bta

in h

abit

ual

and e

xce

llen

t IT

rep

ort

s o

f th

e p

ort

foli

o,

pro

gra

m a

nd

per

form

ance

(tec

hn

olo

gic

al a

nd

fu

nct

ional

). T

o c

hec

k t

he

pro

gre

ss o

f th

e co

mpan

y

tow

ards

the

iden

tifi

ed t

arg

ets

and

th

e g

rad

e in

wh

ich

th

e d

ue

targ

ets

are

reac

hed

, th

e o

bta

ined

en

treg

able

s, t

he

reac

hed

tar

get

s of

yie

ld a

nd t

he

mit

igat

ed r

isk.

4.

Aft

er t

he

revie

w o

f th

e re

po

rts,

to

tak

e th

e ad

apte

d m

anag

emen

t m

easu

res

as i

t is

nec

essa

ry t

o a

ssu

re t

hat

th

e v

alue

should

be

opti

miz

ed.

5.

Aft

er t

he

revie

w o

f th

e re

po

rts,

mak

e su

re t

hat

th

e ap

pro

pri

ate

corr

ecti

on

al p

oli

cies

are

in

itia

ted

an

d c

on

tro

lled

.


1.4 To establish Timetable of

Activities.

1.5 Definition of the Intention of

the organization.

1.6 Analysis and Definition of the

Scope of the organization.



2.1 Recognition of the Interested

parts and its interests.

2.2 To identify the activities of the

organization and of the interested

parts.

2.3 To identify the laws and

applicable regulations.

2.4 To check the fulfillment grade

with regard to the environmental

laws.

2.5 To spread the relation between

the interests of the interested parts

and the organization, as well as its

fulfillment grade with the

environmental laws.


3.1 To identify aspects and

impacts of the decisions and

activities.

3.2 To identify the sources of

contamination and residues.

3.3 To identify and avoid the use

of chemicals prohibited by the law.

3.4 To measure and register the

significant sources of contamination

and its risks in the environment.


measurements to prepare the

contamination.


prevention programs before

accidents.

3.7 To report about the significant

sources of contamination, risks and



4.1 To identify the used natural

resources.

4.2 To measure, register and

inform the environmental impact of



efficiency measurements for the use


4.4 To identify alternatives for the

sustainable natural resources

consumption.

4.5 To establish evaluation

schemes to promote the sustainable

procurement.

4.6 To report about the use of

natural resources, impacts and




5.1.1 To identify sources of emission

of GEI (Gases of effect of

Hothouse).

5.1.2 To measure and register the

emission of GEI in the organization


5.1.3 To establish and to implement

measurements to minimize and to


prepare the GEI emission in the

organization.

5.1.4 To identify aspects of the use

of fuels with approach to the life

cycle and to implement programs of

efficient progress.

5.1.5 Rationalization of energy

means inside the organization.

5.1.6 To inform the emission of GEI

in the organization and the adopted

measurements.


5.2.1 To analyze and identify

irrigations and opportunities in the

environment and its possible climate

changes to minimize damages.

5.2.2 To establish and implement

measurements for the adaptation

before the climate change.


6.1 To identify and take measures

on the possible impacts to the

ecosystem.


Strategies of Administration of

Ecosystems.

6.3 To analyze, Establish and

implement measurements of

protection, of the possible affected

ecosystems.


measurements for the prevention and

minimization of the possible impacts

in the affected ecosystems.

6.5 Report of results and the

measurements taken before the

analysis of the possible affected ecosystems.


7.1 To realize reports of pursuit of

performance of the matters of


7.2 To obtain cross-check of the

information obtained on the part of the interested parties and to exhibit

the points that are not included.





COBIT5:2012

ISO26000:2010

EDM03 - to Assure the Optimization of the Risk


1. T

o d

eter

min

e th

e le

vel

of

risk

s re

late

d t

o I

T t

hat

th

e co

mpan

y i

s re

ady t

o t

ake

up o

ffic

e to

expir

e w

ith i

ts t

arg

ets

(app

etit

e of

risk

).

2. T

o e

val

uat

e an

d t

o s

up

po

rt p

ropo

sal

of

thre

sho

lds

of

tole

ran

ce t

he

risk

IT

opposi

te t

o t

he

acce

pta

ble

lev

els

of

risk

and

op

po

rtu

nit

y f

or

the

com

pan

y.

3. T

o d

eter

min

e IT

gra

de

of

alig

nm

ent

of

the

stra

tegy

of

risk

s w

ith

the

stra

tegy

of

man

ager

ial

risk

s.

4. T

o e

val

uat

e pro

acti

vam

ente

th

e ri

sk f

acto

rs I

T b

efo

re t

he

han

gin

g s

trat

egic

dec

isio

ns

on

th

e co

mp

any a

nd t

o

mak

e su

re t

hat

the

dec

isio

ns

of

the

com

pan

y t

ake

consc

ious

of

the

risk

s.

5. T

o d

eter

min

e if

the

use

of

IT i

s su

bje

ct t

o a

n e

val

uat

ion

and

su

itab

le e

val

uat

ion

of

risk

, ac

cord

ing

to

th

e d

escr

ibed

in e

xce

llen

t nat

ional

an

d i

nte

rnat

ion

al s

tand

ards.

6

. T

o e

val

uat

e th

e ac

tivit

ies

of

man

agem

ent

of

risk

s to

gu

aran

tee

its

alig

nm

ent

wit

h t

he

cap

acit

ies

of

the

com

pany

for

the

loss

es r

elat

ed t

o I

T a

nd

th

e to

lera

nce

of

the

lead

ers

to t

he

sam

e on

es.

1. T

o p

rom

ote

a c

ult

ure

of

the

risk

s IT

an

d t

o i

mpel

th

e co

mp

any

to a

pro

acti

ve

risk

id

enti

fica

tion o

f IT

,

oppo

rtu

nit

ies

and p

ote

nti

al i

mp

acts

in

the

busi

nes

s.

2. T

o f

ace

the

inte

gra

tion

of

the

op

erat

ion

s an

d I

T r

isk

s st

rate

gy

wit

h t

he

dec

isio

ns

and

str

ateg

ic m

anag

eria

l

oper

atio

ns.

3

. T

o f

ace

the

mak

ing o

f p

lans

of

com

mu

nic

atio

n o

f ri

sks

(co

ver

ing

all

th

e le

vel

s o

f th

e co

mp

any

), a

s w

ell

as t

he

pla

ns

of

acti

on

of

risk

. 4

. T

o f

ace

the

imp

lanta

tion

of

mec

han

ism

s ad

apte

d t

o a

nsw

er q

uic

kly

to

th

e ch

angea

ble

ris

ks

and

to

no

tify

imm

edia

tely

at

the

adap

ted

man

agem

ent

lev

els,

su

ppo

rted

beg

innin

g o

f cl

imb

ed a

gre

ed (

than

to r

eport

, w

hen

, w

her

e

and

ho

w).

5

. T

o f

ace

so t

hat

th

e ri

sk, th

e op

po

rtun

itie

s, t

he

pro

ble

ms

and

wo

rrie

s co

uld

be

iden

tifi

ed a

nd

no

tifi

ed b

y a

ny

per

son i

n a

ny m

om

ent.

Th

e ri

sk m

ust

be

man

aged

in a

cco

rdan

ce w

ith

th

e po

liti

cs a

nd

pro

cedu

res

rele

ased

and

clim

bed

to t

he

exce

llen

t dec

iso

res

6. T

o i

den

tify

th

e ta

rget

s an

d k

ey i

nd

icat

ors

of

the

pro

cess

es o

f gov

ern

men

t an

d m

anag

emen

t o

f ri

sks

to b

e

monit

ore

d a

nd t

o a

pp

rov

e th

e ap

pro

aches

, m

ethods,

sk

ills

an

d p

roce

sses

to

cap

ture

and

to n

oti

fy t

he

mea

sure

men

t

info

rmat

ion

. 1

. T

o s

up

erv

ise

unti

l poin

t m

anag

es t

he

risk

pro

file

in

sid

e th

e th

resh

old

s of

app

etit

e o

f ri

sk.

2. T

o s

up

erv

ise

the

goal

s an

d m

etri

c k

ey o

f m

anag

emen

t of

the

pro

cess

es o

f go

ver

nm

ent

and

man

agem

ent

of

the

risk

wit

h r

egar

d t

o t

he

targ

ets,

to

anal

yze

th

e ca

use

s of

the

dev

iati

ons

and t

o i

nit

iate

co

rrec

tion

al p

oli

cies

to

tac

kle

the

un

der

lyin

g c

ause

s.

3. T

o f

acil

itat

e th

e re

vie

w o

n t

he

mai

n i

nte

rest

ed p

arts

of

the

pro

cess

of

the

com

pan

y t

ow

ard

s th

e id

enti

fied

tar

get

s.

4. T

o i

nfo

rm a

ny p

roble

m o

f m

anag

emen

t o

f ri

sks

to t

he

Ad

vic

e o

r to

the

Com

mit

tee

of

Dir

ecti

on

.


1.1 To establish Timetable of Activities.

1.2 Definition of the Intention of the

organization.

1.3 Analysis and Definition of the Scope of the

organization.


2.1 Recognition of the Interested parts and its

interests.

2.2 To identify the activities of the organization

and of the interested parts.

2.3 To identify the laws and applicable

regulations.

2.4 To check the fulfillment grade with regard to

the environmental laws.

2.5 To spread the relation between the interests of

the interested parts and the organization, as well as

its fulfillment grade with the environmental laws.



3.1 To identify aspects and impacts of the

decisions and activities.

3.2 To identify the sources of contamination and

residues.

3.3 To identify and to avoid the use of chemicals

prohibited by the law.

3.4 To measure and register the significant

sources of contamination and its risks in the

environment.

3.5 To establish and implement measurements to

prepare the contamination.

3.6 To establish and implement prevention

programs before accidents.

3.7 To report about the significant sources of contamination, risks and adopted measurements.


4.1 To identify the used natural resources.

4.2 To measure, register and inform the

environmental impact of the use of the natural

resources.

4.3 To establish and implement efficiency

measurements for the use of natural resources.

4.4 To identify alternatives for the sustainable

natural resources consumption.

4.5 To establish evaluation schemes to promote

the sustainable procurement.

4.6 To report about the use of natural resources,

impacts and adopted measurements.



5.1.1 To identify sources of emission of GEI

(Gases of effect of Hothouse).

5.1.2 To measure and register the emission of GEI

in the organization and its environmental impact.

5.1.3 To establish and implement measurements to

minimize and to prepare the GEI emission in the

organization.

5.1.4 To identify aspects of the use of fuels with

approach to the life cycle and to implement programs of efficient progress.

5.1.5 Rationalization of energy means inside the

organization.

5.1.6 To inform the emission of GEI in the

organization and the adopted measurements.


5.2.1 To analyze and identify irrigations and

opportunities in the environment and its possible

climate changes to minimize damages.

5.2.2 To establish and implement measurements for

the adaptation before the climate change.


6.1 To identify and take measures on the possible

impacts to the ecosystem.

6.2 To establish and implement Strategies of

Administration of Ecosystems.

6.3 To analyze, establish and implement

measurements of protection, of the possible

affected ecosystems.

6.4 To establish and implement measurements for

the prevention and minimization of the possible

impacts in the affected ecosystems.


6.5 Give a report of results and the measurements

taken before the analysis of the possible affected

ecosystems.


7.1 To realize reports of pursuit of performance

of the matters of environmental responsibility.

7.2 To obtain cross-check of the information

obtained on the part of the interested parties and to

exhibit the points that are not included.




of social responsibility ISO26000:2010 COBIT5:2012

ISO26000:2010

EDM04 - to Assure the Resources optimization


1. -

To

Ex

amin

e an

d to

ev

alu

ate

the

curr

ent an

d f

utu

re s

trat

egy, th

e op

tions

of

supply

of

IT r

esourc

es

and

to

dev

elo

p a

pti

tud

es t

o c

ov

er t

he

curr

ent

and

futu

re n

eeds

(incl

udin

g s

upply

alt

ernati

ves

).

2.

- T

o D

efin

e th

e b

egin

nin

g t

o g

uid

e th

e al

loca

tion a

nd r

esourc

es m

anag

emen

t an

d c

apac

itie

s so

that

IT

th

e n

eed

s fo

r th

e co

mp

any

co

uld

sa

tisf

y th

em,

wit

h th

e sk

ill

and ca

pac

ity nee

ded

in

acco

rdan

ce w

ith

th

e ag

reed

pri

ori

ties

an

d t

he

bu

dget

ary l

imit

atio

ns.

3

. -

To

Ch

eck

an

d t

o a

pp

rov

e th

e p

lan

of

reso

urc

es a

nd t

he

stra

tegie

s of

arch

itec

ture

of

the

com

pan

y

for

the

del

iver

y o

f v

alu

e an

d t

he

mit

igat

ion

of

risk

s w

ith t

he

assi

gned

res

ourc

es.

4.

- T

o U

nd

erst

and

th

e re

qu

isit

es t

o a

lig

n t

he

reso

urc

es m

anag

emen

t w

ith t

he

pla

nn

ing o

f fi

nan

cial

and

hu

man

man

ager

ial

reso

urc

es.

5. -

To

Def

ine

the

beg

inn

ing

fo

r th

e m

anag

em

ent an

d the

contr

ol o

f th

e ar

chit

ectu

re o

f th

e co

mpan

y.

1.

- T

o C

om

mu

nic

ate

and

to

im

pel

th

e ad

op

tio

n o

f st

rate

gie

s of

reso

urc

es m

anag

emen

t, b

egin

nin

g

and

th

e ag

reed

pla

n o

f re

sou

rces

an

d t

he

stra

teg

ies

of

arch

itec

ture

of

com

pan

ies.

2.

- T

o A

ssig

n r

esp

on

sib

ilit

ies

for

the

reso

urc

es m

anag

emen

t ex

ecuti

on.

3.

- T

o D

efin

e th

e ta

rget

s, m

easu

red

an

d m

etri

c k

ey f

or

the

man

agem

ent

of

the

reso

urc

es.

4.

- T

o E

stab

lish

th

e b

egin

nin

g r

ela

ted

to

th

e p

rote

ctio

n o

f re

sou

rces

.

5.

- T

o A

lig

n t

he

reso

urc

es m

anag

emen

t w

ith

th

e pla

nnin

g o

f H

um

an R

esourc

es a

nd f

inan

cier

of

the

com

pan

y.

1.

- T

o S

up

erv

ise

the

allo

cati

on

an

d r

eso

urc

es o

pti

miz

atio

n i

n a

ccord

ance

wit

h t

he t

arget

s an

d

pri

ori

ties

of

the

com

pan

y b

y m

ean

s o

f ta

rgets

an

d m

etri

c ag

reed

.

2.

- T

o S

up

erv

ise

the

sup

ply

IT

str

ateg

ies

and

of

arch

itec

ture

of

the

com

pany a

nd

the

reso

urc

es a

nd

IT a

pti

tud

es t

o g

uar

ante

e th

at t

he

curr

ent

and

fu

ture

nee

ds

for

the

com

pan

y c

ould

be

sati

sfie

d.

3.

- T

o S

up

erv

ise

the

yie

ld o

f th

e re

sou

rces

op

posi

te t

o t

he

targ

ets

, to

anal

yze

the

cause

s of

the

dev

iati

on

s an

d t

o i

nit

iate

co

rrec

tiv

e ac

tio

ns

to s

olv

e th

e under

lyin

g c

ause

s.


1.1 To establish Timetable of Activities. 1.2 Definition of the Intention of the organization. 1.3 Analysis and Definition of the Scope of the

organization.


2.1 Recognition of the Interested parts and its interests. 2.2 To identify the activities of the organization and of the

interested parts.

2.3 To identify the laws and applicable regulations. 2.4 To check the fulfillment grade with regard to the

environmental laws.

2.5 To spread the relation between the interests of the

interested parts and the organization, as well as its

fulfillment grade with the environmental laws.


3.1 To identify aspects and impacts of the decisions and

activities.

3.2 To identify the sources of contamination and residues. 3.3 To identify and avoid the use of chemicals prohibited

by the law.

3.4 To measure and register the significant sources of

contamination and its risks in the environment.

3.5 To establish and implement measurements to prepare

the contamination.

3.6 To establish and implement prevention programs before accidents.

3.7 To report about the significant sources of

contamination, risks and adopted measurements.


4.1 To identify the used natural resources.


4.2 To measure, register and inform the environmental

impact of the use of the natural resources.

4.3 To establish and implement efficiency measurements

for the use of natural resources.

4.4 To identify alternatives for the sustainable natural

resources consumption.

4.5 To establish evaluation schemes to promote the

sustainable procurement.

4.6 To report about the use of natural resources, impacts

and adopted measurements.



5.1.1 To identify sources of emission of GEI (Gases of

effect of Hothouse).

5.1.2 To measure and register the emission of GEI in the

organization and its environmental impact.

5.1.3 To establish and implement measurements to minimize and to prepare the GEI emission in the

organization.

5.1.4 To identify aspects of the use of fuels with approach

to the life cycle and to implement programs of efficient

progress.

5.1.5 Rationalization of energy means inside the

organization.

5.1.6 To inform the emission of GEI in the organization and

the adopted measurements.


5.2.1 To analyze and identify irrigations and opportunities

in the environment and its possible climate changes to

minimize damages.

5.2.2 To establish and implement measurements for the

adaptation before the climate change.


6.1 To identify and take measures on the possible impacts

to the ecosystem.

6.2 To establish and implement Strategies of Administration of Ecosystems.

6.3 To analyze, establish and implement measurements of

protection, of the possible affected ecosystems.

6.4 To establish and implement measurements for the

prevention and minimization of the possible impacts in the

affected ecosystems.

6.5 Report of results and the measurements taken before

the analysis of the possible affected ecosystems.


7.1 To realize reports of pursuit of performance of the

matters of environmental responsibility.

7.2 To obtain cross-check of the information obtained on

the part of the interested parties and to exhibit the points that

are not included.





COBIT5:2012

ISO26000:2010

EDM05 - to Assure the Transparence towards the Interested

Parts


1.

- T

o E

xam

ine

and

to

judg

e th

e cu

rren

t re

qu

isit

es a

nd

futu

res

of

mak

ing o

f

repo

rts

wit

h r

egar

d t

o t

he

use

of

IT i

nsi

de

the

com

pan

y (

reg

ula

tion

, le

gis

lati

on.

gen

eral

law

s. c

ontr

actu

al r

equis

ites

). I

ncl

udin

g s

cop

e an

d f

requ

ency

.

2.

- T

o E

xam

ine

and

to

judg

e th

e cu

rren

t re

qu

isit

es a

nd

futu

res

of

mak

ing o

f

repo

rts

for

oth

er in

tere

sted

par

ties

con

cern

s to

the

use

of

IT i

nsi

de

the

com

pan

y.

Incl

udin

g s

cope

and

cond

itio

ns.

3.

- T

o M

ainta

in t

he

beg

innin

g o

f co

mm

unic

atio

n w

ith e

xte

rnal

an

d i

nte

rnal

inte

rest

ed p

arti

es,

incl

udin

g f

orm

ats

and

ch

ann

els

of

com

mu

nic

atio

n a

nd t

he

beg

innin

g o

f ac

cep

tan

ce a

nd

app

rov

al o

f th

e re

port

s o

n th

e p

art

of

the

inte

rest

ed

par

ts.

1. -

To

Fac

e th

e es

tabli

shm

ent o

f th

e st

rate

gy o

f co

mm

unic

atio

n f

or

exte

rnal

and

inte

rnal

in

tere

sted

par

ties

.

2.

- T

o F

ace

the

mec

han

ism

s im

ple

men

tati

on t

o g

uar

ante

e th

at t

he

info

rmat

ion

fulf

ills

all

th

e cr

iter

ia o

f th

e ob

lig

atory

co

rpo

rate

req

uis

ites

as

for

IT r

epo

rts

mak

ing

. 3

. -

To

Est

abli

sh m

ech

anis

ms

of

rati

fica

tio

n a

nd

app

rov

al o

f th

e o

bli

gat

ory

mak

ing

of

repo

rts.

4. -

To

Est

abli

sh m

ech

anis

ms

of

clim

bed

in

th

e re

po

rts

mak

ing.

1.

- T

o E

val

uat

e p

erio

dic

ally

the

effi

cacy

of

the

mec

han

ism

s to

as

sure

the

pre

cisi

on

and

th

e re

liab

ilit

y o

f th

e ob

lig

atory

mak

ing o

f re

po

rts.

2. -

To

Ev

aluat

e per

iodic

ally

th

e ef

fica

cy o

f th

e m

ech

anis

ms

and

the

exit

s o

f th

e

com

mu

nic

atio

n w

ith e

xte

rnal

and

inte

rnal

in

tere

sted

par

ties

.

3. -

To

Det

erm

ine

if th

e re

quis

ites

of

the

dif

fere

nt

inte

rest

ed p

arti

es a

re f

ulf

ille

d.


1.1 To establish Timetable of Activities. 1.2 Definition of the Intention of the organization. 1.3 Analysis and Definition of the Scope of the organization. 2. Recognition of Environmental responsibility

2.1 Recognition of the Interested parts and its interests. 2.2 To identify the activities of the organization and of the

interested parts.

2.3 To identify the laws and applicable regulations. 2.4 To check the fulfillment grade with regard to the environmental

laws.

2.5 To spread the relation between the interests of the interested

parts and the organization, as well as its fulfillment grade with the

environmental laws.


3.1 To identify aspects and impacts of the decisions and activities. 3.2 To identify the sources of contamination and residues. 3.3 To identify and avoid the use of chemicals prohibited by the

law.

3.4 To measure and register the significant sources of

contamination and its risks in the environment.

3.5 To establish and implement measurements to prepare the contamination.

3.6 To establish and implement prevention programs before

accidents.

3.7 To report about the significant sources of contamination, risks

and adopted measurements.


4.7 To identify the used natural resources. 4.8 To measure, register and inform the environmental impact of


4.9 To establish and implement efficiency measurements for the use


4.10 To identify alternatives for the sustainable natural resources

consumption.


4.11 To establish evaluation schemes to promote the sustainable

procurement.

4.12 To report about the use of natural resources, impacts and




5.1.1 To identify sources of emission of GEI (Gases of effect of

Hothouse).

5.1.2 To measure and register the emission of GEI in the organization


5.1.3 To establish and implement measurements to minimize and to

prepare the GEI emission in the organization.

5.1.4 To identify aspects of the use of fuels with approach to the life

cycle and to implement programs of efficient progress.

5.1.5 Rationalization of energy means inside the organization. 5.1.6 To inform the emission of GEI in the organization and the



5.2.2 To analyze and identify irrigations and opportunities in the

environment and its possible climate changes to minimize damages.

5.2.3 To establish and implement measurements for the adaptation before the climate change.


6.1 To identify and take measures on the possible impacts to the

ecosystem.

6.2 To establish and implement Strategies of Administration of

Ecosystems.

6.3 To analyze, establish and implement measurements of

protection, of the possible affected ecosystems.

6.4 To establish and implement measurements for the prevention

and minimization of the possible impacts in the affected ecosystems.

6.5 Report of results and the measurements taken before the

analysis of the possible affected ecosystems.


7.3 To realize reports of pursuit of performance of the matters of


7.4 To obtain cross-check of the information obtained on the part of

the interested parties and to exhibit the points that are not included.

Source: Proper making based on the guide of social responsibility ISO26000:2010 [24]

and COBIT5:2012 [23].

Alignment of the activities of the norm internment ISO26000:2010 with IT processes of

management of "COBIT5:2012".

The present analysis consists of identifying which of the activities of sostenibilidad

way environmental modality to the norm ISO26000:2010, is aligned to the processes

of management of managerial YOU of the referential frame COBIT5:2012, the same

one that sees 11 reflected in *Cuadro.


Square 2. Alignment between the processes of management of COBIT5:2012 and

activities of the guide of social responsibility of social responsibility ISO26000:2010.

COBIT5:2012 ISO26000:2010

Dom

ain

Process Activities

AP

O01

To manage IT

management frame

1.3 Analysis and definition of the scope of the

organization.

AP

O03

To manage the managerial

architecture

2.1 Recognition of the interested parts and its

interests.

2.2 To identify the activities of the

organization and of the interested parts.

AP

O04

To manage the innovation 4.5 To establish evaluation schemes to promote


5.1.5 Rationalization of energy means inside

the organization.

AP

O12

To manage the risk 3.1 To identify aspects and impacts of the

decisions and activities.

3.4 To measure and register the significant

sources of contamination and its risks in the

environment.

3.7 To report about the significant sources of

contamination, risks and adopted

measurements.

4.2 To measure, register and inform the

environmental impact of the use of the natural

resources.

4.6 To report about the use of natural

resources, impacts and adopted measurements.

5.1.2 To measure and register the emission of

GEI in the organization and its environmental

impact.

5.1.6 To inform the emission of GEI in the

organization and the adopted measurements.

5.2.1 To analyze and identify irrigations and

opportunities in the environment and its


possible climate changes to minimize the

damages.

5.2.2 To establish and implement

measurements for the adaptation before the

climate change.

6.1 To identify and take measures on the

possible impacts to the ecosystem.

6.4 To establish and implement measurements

for the prevention and minimization of the

possible impacts in the affected ecosystems.

DS

S02

To manage requests and

service incidents

3.6 To establish and implement prevention

programs before accidents.

DS

S04

To manage the Continuity

ME

A01

To supervise, to evaluate

and to value the yield and

the continuity

4.5 To establish evaluation schemes to promote


7.1 To realize reports of pursuit of performance

of the matters of environmental responsibility.

ME

A03

To supervise, to evaluate

and to value the continuity

with the external requests

2.3 To identify the laws and applicable

regulations.

2.4 To check the fulfillment grade with regard

to the environmental laws. Source: Proper making, based in COBIT5:2012 [23] and the guide of social responsibility ISO26000:2010 [24].

Identification of Limitations.

Based on the mapping carried out between the obtained activities of the guide of social

responsibility ISO26000:2010 opposite to the activities corresponding to IT processes

of the frame of government COBIT5:2012, there was identified the type of limitation

that they present IT government frame earlier mentioned to fulfill with the

characteristics of sostenibilidad environmental way which carried out in Square 13,

adopting the symbology explained in *Square 12.

Square 3. Symbology used in the limitations

Simbología

Symbol Meaning

Approach

Activity

None

Source: Proper making


Activity Type Justification


2.1 Recognition of the

interested parts and its

interests

IT activity of the processes of government

COBIT5:2012, which expires partly with this activity

is:

The activity 1, of the section to Evaluate of the

process EDM02

Since it satisfies as for the recognition of the interests

of the interested parts, bearing in mind that it is

necessary to know previously those who are the

interested parts, with the difference that here does it to

itself according to IT, while in the activity 2.1

regarding the guide of social responsibility

ISO26000:2010, considering the environment.

2.2 To identify the

activities of the

organization and of the

interested parts

Dice to that there does not exist in any of the processes

of IT government COBIT5:2012 any activity that

expires with what there stipulates the activity 2.2


ISO26000:2010, to manage to expire with earlier

mentioned, it is necessary to consider to be the

inclusion of the following activity:

“To identify the activities so much of IT frame of

government as of the interested parts, and its

possible impacts to the environmental

responsibility”

2.3 To identify the laws

and applicable

regulations

YOUR activities of the processes of government

COBIT5:2012, which expire partly with this activity

are:


process EDM01.


process EDM01.


process EDM05.

Since they satisfy as for the identification of applicable

laws, with the difference that, in the activities earlier

mentioned, is focused on the laws applicable to IT

government, while in the activity 2.3 regarding the

guide of social responsibility ISO26000:2010, the

laws applicable to the activities and decisions

related to the environment.


2.4 To check the

fulfillment grade with

regard to the

environmental laws.

IT activities of the processes of government

COBIT5:2012, which expire partly with this activity

are:

The activity 4, of the section to Supervise of the

process EDM01.


process EDM01.


process EDM05.

Since they satisfy as for assuring that the relations and

activities should expire with the due and applicable

legal frame, in addition to measuring the fulfillment

grade with regard to the applicable laws, with the

difference that in earlier mentioned they focus to IT,

while the activity 2.4 to the environmental laws.

2.5 To spread the

relation between the

interests of the

interested parts and the

organization, as well as

its fulfillment grade

with the environmental

laws.

Because there does not exist in any of the processes of

IT government COBIT5:2012 any activity that

expires with what there stipulates the activity 2.5


ISO26000:2010, to manage and expire with earlier

mentioned, it is necessary to consider the inclusion of

the following activities:

“To spread publicly the interested parts, the

relation between its interests and those of the frame

of IT government and the grade of fulfillment with

the applicable environmental laws”.

3 Prevention of the contamination

3.1 Identify

appearances and

impacts of the decisions

and activities

The activities of the processes of government of IT

COBIT5:2012, that fulfil partly with this activity are:

The activity 4, of the section Evaluate of the

process EDM03.

The activity 1, of the section Orient of the process

EDM03.

Since, they satisfy directly to the identification of

impacts(risks) previously of the decisions to take with

the difference that in the above-mentioned does it to

him with an approach to the irrigations of IT of the

decisions whereas in the activity 3.1 focuses to the

impacts (risks), of the decisions and activities that

affect to the surroundings.


3.2 Identify the sources

of pollution and waste.

Die to the nonexistence of some activity in the

processes of government of IT COBIT5:2012 that

fulfil with what stipulates the activity 3.2 concerning

the guide of social responsibility ISO26000:2010, to

attain fulfil with the above-mentioned, has to consider

the inclusion of the following activity:

“Identify the sources of pollution and of waste

related to the activities of the frame of government

of IT”

3.3 Identify and avoid

the utilization of

chemical products

forbidden by the law.

Given the nonexistence of some activity in the


fulfil with what stipulates the activity 3.2 concerning

the guide of social responsibility ISO26000:2010, to

attain fulfil with the above-mentioned, has to consider

the inclusion of the following activity:

“Identify and avoid the utilisation of chemical

products forbidden by the law in the frame IT

government”

3.4 Establish and

implement measures to

warn the pollution

Because of the nonexistence of some activity in the

processes IT government COBIT5:2012 that satisfy

what stipulates the activity 3.5 concerning the guide

of social responsibility ISO26000:2010, to attain

satisfy the above-mentioned, has to consider the


“Establish and implement measures to warn the

pollution and the generation of waste inside the

frame IT government.”

3.5 Establish and

implement programs of

prevention in front of

accidents.

Considering the nonexistence of some activity in the

processes IT government COBIT5:2012 that satisfy

what stipulates the activity 3.6 concerning the guide

of social responsibility ISO26000:2010, to attain

satisfy the above-mentioned, has to consider the


“Establish and implement a program of

prevention, preparation and a plan of emergency

in front of accidents and environmental incidents

so many interns like external to the frame IT

government, that involve to the parts interested

pertinent.”

4 Sustainable use of the resources


4.1 Establish and

implement measures of

efficiency for the use of

natural resources.

La actividad de los procesos de gobierno de TI

COBIT5:2012, que cumple en parte con esta

actividad es la siguiente:

la actividad 3, de la sección Orientar del

proceso EDM04.

Ya que, satisface en cuanto al establecimiento de

medidas para el uso eficiente de los recursos, con la

diferencia de que en la actividad antes mencionada

se lo realiza con un enfoque a los recursos de TI,

mientras que la actividad 4.3 referente a la guía de

responsabilidad social ISO26000:2010, se enfoca

al uso de recursos naturales.

4.2 Establish diagrams

of evaluation to

promote the sustainable

acquisitions

The activity of the processes of government of IT

COBIT5:2012, that fulfils partly with this activity

is:


process EDM04.

Since it satisfies regarding the evaluation of

strategies and acquisition of resources, with the

difference that in the above-mentioned activity does

it regarding the acquisitions of resources of IT,

mention that the activity 4.5 concerning the guide

of social responsibility ISO26000:2010 it refers to

the acquisition of products and sustainable services.

However, to satisfy completely the described in the

activity 4.5, is necessary the inclusion of the

following activity:

“Establish diagrams for the evaluation of the

environmental exert, of the products and

services that purchase inside the frame of

government of IT, and give preference to the

acquisition of products that minimize his

impacts.”


4.3 Inform about the

use of natural resources,

impacts and measures

adopted



is:

The activity 1, of the section Orient of the

process EDM04.

Since it satisfies regarding informing on the use or

management of resources, with the difference that

in the above-mentioned refers to the resources of IT,

whereas in the activity 4.6 concerning the guide of

social responsibility ISO26000:2010 it refers to the

natural resources.

However, to attain satisfy completely the described

in the activity 3.4, is necessary the inclusion of the

following activity:

“Spread publicly the natural resources and his

significant use in the frame of government of IT,

as well as his impacts to the environment and

measures adopted for his mitigation.”

5 Protection of the environment, the biodiversity and restoration of the natural

habitats

5.1 Mitigation Of the climatic change

5.1.1 Identify sources

of broadcast of GEI

(GREEN HOUSE

GASES)

Because of the nonexistence of some activity in the


fulfil with what stipulates the activity 5.1.1

concerning the guide of social responsibility

ISO26000:2010, to attain fulfil with the above-

mentioned, has to consider the inclusion of the

following activity:

“Identify direct and indirect sources of

accumulation of broadcasts of GEI inside the

frame of government of IT and define the scope

of his responsibility.”

5.1.2 Measure and

register the broadcasts

of GEI in the

organization and his

environmental impact



is:


process EDM03.

Since, it satisfies regarding the measurement of

impacts (risks), with the difference that in the before

described activity does it to him with an approach

to the risks related to the YOU, whereas in the

activity 5.1.2 concerning the guide of social

responsibility ISO26000:2010, it focuses to the


risks related to the broadcasts of GEI that affect to

the environment.

5.1.3 Identify

appearances of the use

of fuels with approach

to the cycle of life and

implement programs of

efficient improvement

The activity of the processes IT government


is:


process EDM02.

Since it satisfies regarding the efficient

improvement of the use of fuels, however, to attain

satisfy completely the described in the activity

5.1.4, it is necessary the inclusion of the following

activity: “Identify the quantity and the type of

significant use of fuels inside the frame IT

government and implement programs to

improve his efficiency.”

5.1.4 Rationalization

of Energetic Means

inside the organization



is:


process EDM04.

Since it satisfies regarding the purchase of goods

energetically efficient, however, to attain satisfy

completely the activity 5.1.5, it is necessary the

inclusion of the following activity: “Make savings

of energy while it was possible inside the frame

of government of IT, including the purchase and

development of goods and products energetically

efficient.”

5.1.6 Inform the taking

of measures of the

broadcasts of GEI in the

organization

Considering the nonexistence of some activity in

the processes IT government COBIT5:2012 that

fulfil with what stipulates the activity 5.1.6




following activity: “Inform on his significant

broadcasts of GEI inside the frame of

Government of IT and the measures to adopt to

warn the impact to the environment.”

5.2 Adaptation to the climatic change

5.2.1 Analyze and

identify irrigations and

opportunities in the

surroundings and his

The activities of the processes IT government

COBIT5:2012, that fulfil partly with this activity

are:


possible climatic

changes to minimize

damages.


process EDM02.


process EDM03.


process EDM03.

Since, they satisfy regarding the analysis and

identification of risks related to the climatic

changes, as well as the analysis of the opportunities

that can arise during the climatic changes to reduce

damages, with the difference that the above-

mentioned focus in the opportunities, risks and

impacts related to the IT, and the activity 5.2.1


ISO26000:2010 it focuses in the opportunities,

risks and impacts made by the climatic changes.

5.2.2 Establish and

implement measures for

the adaptation in front

of the climatic change.



is:

The activity 4 corresponding, to the section

Orient of the process EDM03.

Since it satisfies regarding the implementation of

measures to answer in front of impacts with the

difference that in the before described activity does

it focusing in the variable risks of the organization,

whereas in the activity 5.2.2 concerning the guide

of social responsibility ISO26000:2010 it focuses

in the variable risks related to the climatic changes

considering his sphere of influence (parts

interested).

6 Protection of the environment, the biodiversity and restoration of the natural

habitats


6.1 Identify and take

measures on the

possible impacts to the

ecosystem

The activities of the processes of government of IT


are:

The activity 1 corresponding, to the section

Evaluate of the process EDM03.

The activity 3 corresponding to the section


Since, they satisfy regarding the identification of

risks and impacts, as well as with the establishment

of measures of protection to minimize or delete said

impacts, with the difference that in the above-

mentioned activities does it to him with an approach

to the risks and impacts related to the IT, and in the

activity 6.1 concerning the guide of social

responsibility ISO26000:2010 it does it with an

approach to the risks that affect the biodiversity and

the services of the ecosystem.

6.2 Establish and

implement Strategies of

Administration of

Ecosystems



is:

The activity 3, corresponding to the section


Since it satisfies regarding the establishment of

measures or strategies of administration, with the


it focusing in the management of resources,


social responsibility ISO26000:2010 it focuses in

the ecosystem (terrains, waters).

6.3 Analyze, Establish

and implement

measures of protection,

of the possible

ecosystems affected.



is:


process EDM04.

Since it satisfies in the determination of measures

of protection in front of possible impacts, with the

difference that the before described focuses in the

resources of IT, whereas the activity 6.3 concerning

the guide of social responsibility ISO26000:2010,

it focuses in the protection of possible ecosystems

affected.

However, to satisfy entirely this activity, is

necessary the inclusion of the following:


“Incorporate in the frame of government of

IT, measures of protection of the possible

ecosystems affected (natural habitats,

rainforests, forests, runners of wild life, areas

protected and agricultural terrains), considering

besides to the wild animals”.

“Use progressively and in greater proportion

products of providers that use technologies and

processes more sustainable, inside the frame IT

government.”

6.4 Establish and

implement measures for

the prevention and

minimization of the

possible impacts in the


Considering the nonexistence of some activity in

the processes of IT government COBIT5:2012 that

fulfil with what stipulates the activity 6.4




following activity:

“Establish and Implement practices of planning,

design and operation, like forms to warn and

minimize the possible impacts that affect to the

ecosystem, resultant of the decisions taken inside

the frame of government of IT.”

6.5 Report of results

and the measures taken

in front of the analysis

of the possible


Taking into account the nonexistence of some

activity in the processes of IT government

COBIT5:2012 that fulfil with what stipulates the

activity 6.5 concerning the guide of social

responsibility ISO26000:2010, to attain fulfil with

the above-mentioned, has to consider the inclusion

of the following activity:

“Register and inform on the measures taken

regarding the analysis made of the ecosystems

affected by the frame of IT government.”

7- Follow-up and Control

7.1 Make reports of

follow-up of exert of the

subjects of

environmental

responsibility.



is:

The activity 3, of the section Supervise of the

process EDM02.

Since it satisfies regarding the establishment of

measures or strategies of administration, with the


it focusing in the management of resources,



social responsibility ISO26000:2010 it focuses in

the ecosystem (terrains, waters).

7.2 Obtain verification

of the information

obtained by part of the

interested and expose

the points that do not

cover .

The activities of the processes of IT government


are:


process EDM01.


process EDM05.

The activity 3, of the section Supervise of the

process EDM05.

Since it satisfies regarding the verification of the

information obtained by part of the interested,

However, to attain satisfy entirely this activity, is

necessary the inclusion of the following:

“Provide a brief explanation of reason do not

cover some points of environmental

responsibility, to show that the frame IT

government has done effort to cover all the

important subjects.”

“Use a process of rigorous and responsible

verification, in which the data and the

information of environmental responsibility

come from of a reliable source that allow

verifying the accuracy of the same by part of the

interested”.

Source: Own preparation

Activities proposed of environmental half sustainability. In base to the limitations

identified in the *Picture 13 determined the need to include the activities described in

the *Picture 14, to attain add characteristics of environmental half sustainability to the

frame of IT government COBIT5:2012.


Picture 4: Activities of environmental half sustainability

GO Activities of environmental half sustainability for the frame of IT

government

A1 Identify the activities so much of the frame of IT government as of the parts

interested and his possible impacts to the environmental responsibility.

A2 Spread publicly the parts interested, the relation between his interests and the

ones of the frame of IT government and the degree of fulfillment with the

applicable environmental laws.

A3 Identify the sources of pollution and of waste related to the activities of the

frame of IT government.

A4 Identify and avoid the utilization of chemical products forbidden by the law in

the frame IT government.

A5 Measure and Register the sources of pollution and of generation of significant

waste inside the frame IT government, in addition to the risks that these that

made to the human health and the environment.

A6 Establish and implement measures to warn the pollution and the generation of

waste inside the frame IT government.

A7 Establish and implement a program of prevention, preparation and a plan of

emergency in front of accidents and environmental incidents so many interns

like external to the frame IT government, that involve to the parts interested

pertinent.

A8 Spread publicly the quantities and types of toxic materials that use or free in

normal operations and in accidental releases inside the frame IT government,

including the risks known that made to the human health and the environment

and the measures that pretends assume to mitigate these risks.

A9 Identify the natural resources used inside the frame IT government.

A10 Identify alternative sources, sustainable, renewable and of low impact to

complement or replace the use of resources no renewable inside the frame IT

government.

A11 Establish diagrams for the evaluation of the exert environmental, of the products

and services that purchase inside the frame IT government, and give preference

to the acquisition of products that minimize his impacts.

A12 Spread publicly the natural resources and his significant use in the frame IT

government, as well as his impacts to the environment and measures adopted

for his mitigation.

A13 Identify direct and indirect sources of accumulation of broadcasts of GEI inside

the frame IT government and define the scope of his responsibility.

A14 Establish and implement measures to warn and minimize progressively the

broadcasts of GEI in the frame IT government, and boost similar actions in his

sphere of influence.

A15 Identify the quantity and the type of significant use of fuels inside the frame IT

government and implement programs to improve his efficiency.


A16 Make savings of energy while it was possible inside the frame IT government,

including the purchase and development of goods and products energetically

efficient.

A17 Inform on his significant broadcasts of GEI inside the frame IT government and

the measures to adopt to warn the impact to the environment.

A18 Incorporate in the frame IT government, measures of protection of the possible

ecosystems affected (natural habitats, rainforests, forests, runners of wild life,

areas protected and agricultural terrains), considering besides to the wild

animals.

A19 Use progressively and in greater proportion products of providers that use

technologies and processes more sustainable, inside the frame IT government.

A20 Establish and Implement practices of planning, design and operation, like forms

to warn and minimize the possible impacts that affect to the ecosystem, resultant

of the decisions taken inside the frame IT government.

A21 Register and inform on the measures taken regarding the analysis made of the

ecosystems affected by the frame IT government.

A22 Use a process of rigorous and responsible verification, in which the data and the

information of environmental responsibility come from of a reliable source that

allow verifying the accuracy of the same by part of the interested.

A23 Provide a brief explanation of reason do not cover some points of environmental

responsibility, to show that the frame IT government has done effort to cover all

the important subjects.

Source: own Preparation based in the guide of social responsibility. ISO26000:2010

[23]

Model of an IT government.

In base to the identification of limitations that presents the frame IT government

COBIT5:2012 in front of the characteristics of environmental half sustainability of the

guide of social responsibility ISO26000:2010, reflected in the *Picture 13 and to the

activities proposed in the *Picture 14 to attain the inclusion of the same, elaborated the

model of frame IT government with environmental half sustainability that shows


Source: Own Preparation, based in the frame of work of COBIT5:2012 [24].

Explanation of the new model.

To attain that, inside the frame IT government COBIT5:2012 they consider

characteristic of environmental half sustainability, determined afterwards of the

identification of the limits in the *Picture 13, taking in account the activities of the

fundamental matter environmental half sustainability obtained of the guide of social

responsibility ISO26000:2010, that has to incorporate the following appearances:

Process EDM01: Ensure the establishment and maintenance of the theoretical frame

of Government. In this process considered the inclusion of an approach of

environmental half sustainability, to the following activities:

a. The activity 1 of the section Evaluate, that with the end to satisfy the activity

2.3 concerning the guide of social responsibility ISO26000:2010, it remains of

the following way; “Analyze and identify the factors of the internal and external

surroundings (legal obligations, contractual and regulatory) and tendencies in

the surroundings of the frame IT government that can influence in the

environmental half sustainability.”

b. The activity 3 of the section Evaluate, that with the end to satisfy the activity


the following way; “Consider the external regulations, legal and contractual

obligations related to the environmental responsibility and determine how

have to be applied in the frame IT government of the company.”

c. The activity 4 of the section Supervise, that with the end to satisfy the activity


the following way; “Keep the supervision on the point until which the frame

IT government satisfies the obligations (regulations, legislations, common


laws, contractual), internal politics, standard and environmental half

guidelines.”

d. The activity 6 of the section Supervise, that with the end to satisfy the activity


the following way, “Supervise the routine and regular mechanisms to guarantee

that the use of IT fulfils with the notable obligations (regulatory, legislation,

common laws, contractual), standard and environmental half guidelines.”

Besides, it considered the inclusion of the following activities:

In the section Evaluate.

a. “1. Identify the activities so much of the frame IT government as of the parts

interested and his possible impacts to the environmental responsibility.”

b. “4. Identify and avoid the utilization of chemical products forbidden by the law

in the frame IT government.”

In the section Orient.

a. “2. Spread publicly the parts interested, the relation between his interests and

the ones of the frame IT government and the degree of fulfillment with the

applicable environmental laws.”

Process EDM02. Ensure the Delivery of Profits. In this process considered the

inclusion of an approach of environmental half sustainability, to the following

activities:



the following way; “Comprise the requests of the parts interested in relation to

the environment; strategic subjects of environmental sustainability, such as

the dependencies of the environmental sustainability; and comprise the

technology and his capacities considering the current importance and potential

of the environmental sustainability for the strategy of the frame IT

government”.


5.2.1 concerning the guide of social responsibility ISO26000:2010, it remains

of the following way; “Comprise and argue regularly the opportunities that

could arise of the climatic changes to minimize damages associated to said

changes in the frame IT government.”

c. The activity 5 of the section Orient, that with the end to satisfy the activity 4.2

concerning the guide of social responsibility ISO26000:2010, it remains of the

following way; “Communicate to level of company the utilization of natural

resources in the frame IT government and the measures of results of the

environmental impacts produced by the use of natural resources, to allow

an effective control”.


Process EDM03. Ensure the optimization of the Risk. In this process considered the


activities:



the following way; “Determine the level of risks related to the use of natural

resources that the frame IT government is had to assume to fulfil with his

aims (appetite of risk).”



of the following way; “Determine the level of risks related to the broadcasts

of GEI that affect to the environment and that the frame IT government is had

to assume to fulfil with his aims (appetite of risk).”

c. The activity 1 of the section Evaluate, that with the end to satisfy the activity


of the following way; “Determine the level of risks related with the climatic

changes that the frame IT government is had to assume to fulfil with his aims

(appetite of risk).

d. The activity 1 of the section Evaluate, that with the end to satisfy the activity


the following way; “Determine the level of risks related to the biodiversity and

the services of the ecosystem that the frame IT government is had to assume

to fulfil with his aims (appetite of risk).

e. The activity 4 of the section Evaluate, that with the end to satisfy the activity


the following way; “Evaluate proactively the factors of environmental half risk

produced by the activities, prior to the strategic decisions of the frame IT

government, slope and ensure that they take conscious of the risks”.

f. The activity 4 of the section Evaluate, that with the end to satisfy the activity


of the following way; “Evaluate proactively the factors of risks made by the

climatic changes prior to the strategic decisions of the frame IT government

and ensure that the decisions take consents of the risks”.

g. The activity 1 of the section Orient, that with the end to satisfy the activity 3.1


following way; “Promote a culture of the environmental half risks and promote

to the frame IT government to an identification proactiva of environmental

half risk, opportunities and impacts of the decisions and activated that they

affect to the environment”.

h. The activity 4 of the section Orient, that with the end to satisfy the activity


of the following way; “Orient the implementation of appropriate mechanisms

to answer quickly to the variables risks related to the climatic changes and

notify immediately to the suitable levels of management, supported principles

of scaled agreed (that inform, when, where and as)”.




a. “3. Identify the sources of pollution and of waste related to the activities of the

frame IT government.”

b. “5. Measure and Register the sources of pollution and of generation of

significant waste inside the frame IT government, in addition to the risks that

these made to the human health and the environment.”

c. “13. Identify direct and indirect sources of accumulation of broadcasts of GEI

inside the frame IT government and define the scope of his responsibility.”


a. “6. Establish and implement measures to warn the pollution and the generation

of waste inside the frame IT government.”

b. “7. Establish and implement a program of prevention, preparation and a plan of

emergency in front of accidents and environmental incidents so many interns

like external to the frame IT government, that involve to the parts interested

pertinent.”

c. “14. Establish and implement measures to warn and minimize progressively the

broadcasts of GEI in the frame IT government, and boost similar actions in his

sphere of influence.”

d. “20. Establish and Implement practices of planning, design and operation, like

forms to warn and minimize the possible impacts that affect to the ecosystem,

resultant of the decisions taken inside the frame IT government.”

In the section Supervise.

a. “8. Spread publicly the quantities and types of toxic materials that use or free in

normal operations and in accidental releases inside the frame IT government, including

the risks known that made to the human health and the environment and the measures

that pretends assume to mitigate these risks.”

b. “17. Inform on his significant broadcasts of GEI inside the frame IT government

and the measures to adopt to warn the impact to the environment.”

Process EDM04: Ensure the Optimization of Resources. In this process considered the


activities:

a. The activity 3 of the section Orient, that with the end to satisfy the activity 4.3


following way; “Define the aims, measures and metric key for the management

of the natural resources in the frame IT government.”

b. The activity 3 of the section Orient, that with the end to satisfy the activity 6.1



of the biodiversity and the services of the ecosystem in the frame IT

government.”


c. The activity 3 of the section Orient, that with the end to satisfy the activity 6.2



of the ecosystem in the frame IT government.”

d. The activity 3 of the section Orient, that with the end to satisfy the activity 7.1


following way; “Consider usual and notable reports of the wallet program, and

exert of the subjects of environmental responsibility. Review the progress of

the frame IT government to the aims identified and the degree in which the

planned aims are reached, the aims of performance reached and the risk

mitigated”.



a. “19. Use progressively and in greater proportion products of providers that use

technologies and processes more sustainable, inside the frame IT government.”


a. “11. Establish diagrams for the evaluation of the exert environmental, of the

products and services that purchase inside the frame IT government, and give

preference to the acquisition of products that minimize his impacts.”

b. “16. Make savings of energy while it was possible inside the frame IT

government, including the purchase and development of goods and products

energetically efficient.”

Process EDM05: Ensure the transparency to the parts Interested. In this process

considered the inclusion of an approach of environmental half sustainability, to the

following activities:



the following way; “Examine and judge the current requirements and applicable

futures to the decisions and activities in the frame IT government

(regulation, legislation. General laws. Contractual requirements). Including

scope and frequency.”



a. “22. Use a process of rigorous and responsible verification, in which the data

and the information come from of a reliable source that allow verifying the

accuracy of the same by part of the Interested.”


a. “23. Provide a brief explanation of reason do not cover some points, to show

that the frame IT government has done effort to cover all the important

subjects.”


Process EDM06: environmental Sustainability in the frame IT government. With the

purpose to add guidelines of sustainability, considered the creation of the present

process, in which they have included the following activities:


a. “9. Identify the natural resources used inside the frame IT government.”

b. “10. Identify alternative sources, sustainable, renewable and of low impact to

complement or replace the use of resources no renewable inside the frame IT

government.”

c. “15. Identify the quantity and the type of significant use of fuels inside the frame

IT government and implement programs to improve his efficiency.”


a. “18. Incorporate in the frame IT government, measures of protection of the

possible ecosystems affected (natural habitats, rainforests, forests, runners of

wild life, areas protected and agricultural terrains), considering besides to the

wild animals.”


a. “12. Spread publicly the natural resources and his significant use in the frame

IT government, as well as his impacts to the environment and measures adopted

for his mitigation.”

b. “21. Register and inform on the measures taken regarding the analysis made of

the ecosystems affected by the frame IT government.”

References

[1] January 2016. [On line]. Available: https://actualidad.rt.com/economia/197283-

riesgos-economia-mundial-fmi.

[2] I. ISACA: Rolling Meadows, «Sustainability – An ISACA White Paper,» 2011.

[3] G. H. Brundtland, «Report of the World-wide Commission on the Environment

and the Sustainable Development,» 1987.

[4] I. 1. And. w. International organisation of Normalisation and S. G. d. l. C. And.

European union, Evaluation of the approaches to integrate the sustainability to

the community politics, Report of final summary, 2004.

[5] M. D. And. K. T. J. Stefan Naumann, «The GREENSOFT Model: To reerence

model for green and sustainable software,» Elsevier, 2011.

[6] F. Bengtsson And P. J. Ågerfalk, «Information technology ace to change actant in

sustainability innovation: Insights from Uppsala,» Elsevier, September 2010.


[7] M. C. Machado, F. To. Sobral And F. H. Junior, «Sustentabilidade na tecnologia

gives informacao análise two appearances considered no model of cobit,» IV

SINGEP, 2014.

[8] J. W. Merhout And J. Or'Toole, «Sustainable IT Governance (SITG): Is COBIT 5

An Adequate Model?,» AIS Electronic Library, pp. 1-7, Julio 2015.

[9] M. Bjoern, And. Koray, L. Fabian and Z. Ruediger, «How Sustainable is COBIT

5?,» Americas Conference on Information Systems:, vol. 19, pp. 15-17, August

2013.

[10] To. M. Gil Lafuente and L. Barcellos Paula, «THE CHALLENGES FOR THE

BUSINESS SUSTAINABILITY IN THE 21st century,» Magazine galega of

economy: Publication Interdisciplinar gives Facultade of Economic Sciences and

Empresariais, vol. 20, number 2, pp. 115 - 176, 2010.

[11] D. Fernández of Gatta Sánchez, «The diet of environmental sustainability,»

juridical Magazine of Castile and Leon, number 25, pp. 163 - 218, 2011.

[12] F. Arias, «sustainable Development and his indicators,» Magazine Society and

Economia, number 11, pp. 200-229, 2006.

[13] C. M. Minaverry And T. To. Gally, «THE VOLUNTARY NORMS To8.000 And

ISO 26.000 ON SOCIAL RESPONSIBILITY And HIS IMPORTANCE IN

FRONT OF THE WEAKNESS OF THE RIGHT,» Ars Boni et Aequi, vol. 9, pp.

257-276, 2013.

[14] L. Moratis, «Out of the ordinary? Appraising ISO 26000's CSR definition,» vol.

58, number 1, pp. 26 - 47, 2016.

[15] R. Mattos Of Deus, B. M. Roman Pais Seles and K. R. Ogasawara Scallop, «Ace

organizaçõis and to ISO 26000: revisãor two conceitos, two motivators and give

barreiras of implementaçãor,» Gestãor & Produçãor, vol. 21, number 4, pp. 793-

809, 2014.

[16] I. L. Muñoz Periñán and G. Ulloa Villegas, «Government of YOU – State of the

art,» Telematic & Systems, vol. 9, number 17, pp. 23-53, 2011.

[17] ISACA, COBIT 5: A Frame of Business for the Government and the

Management of the YOU of the Company, EE.UU, 2012.

[18] P. Weill And R. Woodham, «Don't Just Lead, Govern: Implementing Effective IT

Governance,» Social Science Research Network, vol. 3, number 326, Abril 2002.

[19] ISACA, «Technical Article of Sustainability,» 2011.

[20] H. Laksono And And. Supriyadi, «Design and Implementation Information

Security Governance Using Analytic Network Process and COBIT 5 For

Information Security To Marry Study of Unit XYZ,» SCOPUS, number 7437689,

p. 6, 2015.

[21] K. Youssfi, J. Boutahar And S. Elghazi, «IT GOVERNANCE

IMPLEMENTATION:To TOOL DESIGN OF COBIT 5 ROADMAP,» World

Congress of Chiropractic Students, number 7060965, pp. 115 - 121, 2015.


[22] To. Romadhona And To. Akhmad Arman, «An Analysis of Information

Technology Governance Marry study: Statistics Indonesia,» number 7437733, p.

6, 2015.

[23] ISACA, COBIT 5: processes Catalysts, U.S., 2012.

[24] ISO, International Norm ISO 26000, Ginebra, 2010.


Date post:	18-Sep-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Administration of Sustainable Environmental Information ...Administration of Sustainable...

Documents