International Journal of Applied Environmental Sciences
ISSN 0973-6077 Volume 12, Number 1 (2017), pp. 57-97
© Research India Publications
http://www.ripublication.com
Administration of Sustainable Environmental
Information Technologies based on
COBIT5 E ISO 26000
Wilmer Braulio Rivas Asanza1, Ramiro Hernán Quezada Sarmiento2,
Edison Luis Lojan Cueva3, Nancy Magaly Loja Mora4,
Bertha Eugenia Mazon Olivo5.
1 Technical University of Machala, Ecuador. 2 Technical University of Machala, Ecuador. 3 Technical University of Machala, Ecuador. 4 Technical University of Machala, Ecuador. 5 Technical University of Machala, Ecuador.
Abstract
The study uses way as inputs of environmental aspects to the environmental
norm ISO 26000 and for Government aspects of IT to the frame of work Cobit
5.0:2012. This research work does not try to define what the best input would
be but to determine if it is feasible to incorporate aspects way environmental
into IT government and as study stage appeared to Cobit 5.0:2012 and the ISO
26000. This study work is one of the several for which environmental way will
change the input to itself of sustainability and the IT govern.
The study determines the activities of the environment and the IT government,
a mapping is realized to determine the activities of environment that are related
to those of IT government who allows to define limits to define the model of IT
government sustainable, this sustainable model will become stronger with
activities of IT government that need to be implemented by environmental
average approach, new activities of environment that joined IT government and
new process with targets I come up environmental for IT government.
The result of the work will allow to the companies to apply a IT government
frame with environmental average approach that they project to the sustainable
and efficient future, with aptitude to create managerial value for the
organizations and reduce costs to help to maintain the benefits.
Keywords: COBIT 5.0:2012, ISO 26000, Environment, Sustainability,
Government of Technologies of Information.
58 Wilmer Braulio Rivas Asanza et al.
INTRODUCTION
At present there are factors of risk of continuity of the business as: the deceleration in
China, the low oil prices and the geopolitical tensions. The International Monetary Fund
worried about these things warns the significant risks that run the main economies of
market and decrease of the world economic growth for 2016 and 2017, this current
economic environment, generates an ideal climate so that the organizations are
projected to a more sustainable and efficient future, with aptitude to create managerial
value for the organizations and reduce costs to help to maintain the benefits. [1 [] 2].
The sustainability is more and more important and it is considered to be a fundamental
competition of the high direction, it has a multidimensional affectation since it
generates changes in the commercialization, investment, innovation, managerial and
human conduct [2]
ISACA, in its article of sustainability [2], indexes the definition of the doctor
Norwegian Gro Harlem Brundtland where it indicates that the sustainability is “to
satisfy the needs for the present without compromising the aptitude of the future
generations to satisfy its needs” [3], while the International organization for
Standardization (ISO) and the European Union (EU) indicate that the sustainability
“implies a balanced approach so that the organizations integrate the worries of the
actors in the operations of the business, in a way that try to benefit the organization, as
well as to its internal and external actors” [4] ISACA 2011 supports that the
sustainability is related to the normative fulfillment, the managerial ethics and the
environment, as for the sustainability terminology that it relates to “Triple P” (persons,
planet and profit), “managerial social responsibility” (RSE) and “be ecological” [2]
The Technology has turned into an authentic strategic ally of the companies, beyond a
simple support. That's why it is necessary that the information Systems of the company
provide the value and the efficiency that both the business and the users demand. To
confirm it, it is advisable to realize first of all a process of evaluation and diagnosis of
the Government of the Information technologies (from now on, IT) of the organization.
The analysis of the IT Government, in the frame of a strategic reflection, is going to
allow identifying the valuable aspects according to the contribution of optimization of
the IT function inside the organizations that want to compete at the first level. [3].
In this stage, they introduce the concept of IT Government as the person in charge of
integrating and of institutionalizing good IT management practices to guarantee that
IT’s in the company are the targets of the business support them and one makes use to
the maximum of its information, the benefits are maximized, the opportunities are
capitalized and competitive advantages are gained.
The contribution of this work is a frame of IT Government of Sustainable which allows
focusing IT Government aspects with perspective Environmental Way generating a
contribution to the investigations in the field of computing sustainability.
Administration of Sustainable Environmental Information Technologies… 59
In this field the investigations show that [5], until the year 2011 there are multiple
efforts in Green IT but models are missing, [6]There is a study in which one determines
that only 36 articles have been published, in which the investigation is related to
technology and environment and they analyze many of them from the partial point of
view, for example they treat as computers more efficient “energetically” , servants'
virtualization and other most technical aspects that center on the components being the
same weakness of the sustainability without considering environmental way from an
integral aspect, [7] it realizes a mapping between COBIT5.0, COBIT4.1 and GRI G4
but it does not conclude with any model solution, [8] this one study checks IT out-
standing government frame, COBIT 5, to determine the grade in which one supports
dimensions of the sustainability, especially in the related thing to the acquisition, use
and disposition of the assets of IT. Based on the analyses, one concludes that COBIT
5 does not tackle appropriately the aspects of sustainability that the organizations face
nowadays.
COBIT 5.0 Sustainable Limitations. The authors of the reference [8] affirm that COBIT
5.0:2012 has a sustainability deficit, because this one marked of government it does not
bear in mind the environment and, partly, the social aspects of the triple line of base.
“This defeat owes principally to the absence between the environmental and social
alignment, and the needs and targets inside COBIT 5.0:2012” [9].
Square1: COBIT 5.0:2012 Limitations
No.° Limitations
1 The absence of emphasis on the attitude of the organization towards the
sustainability.
2 IT politics that surround the origin, use and disposition of the IT assets do not
bear in mind the sustainability.
3 The absence of emphasis on application of sustainable IT politics on the daily
operations of an organization.
4 The absence of emphasis on importance of the sustainable IT practices to
guarantee the safety of the environment.
5 The absence of consideration of the responsibility of the organization of the
society to act in a sustainable way.
6 The absence of considerations of insurance with a sustainable approach.
7 The absence of emphasis on the interdependences between the business and the
environment in which it operates
8 The sustainability is not considered like a problem of managerial management.
9 Lacking in support to the control and the application of the management of the
sustainable information
10 Narrow application to support the control and the implementation of an
information system, sustainable
Source: [8]
60 Wilmer Braulio Rivas Asanza et al.
2. BACKGROUND
Develop the sustainability.
This is what it contributes, that an organization could attend to its needs, those of the
current generations and those of the future generations without these turning out to be
affected, across the delivery of economic, social and environmental benefits and this
way improve across the time the human and environmental well-being, therefore at
present the emergence of a new relation is valuable significantly between the man and
the environment, which is captured inside what comprises the sustainable development
in the last decade of last century and of the current one [10 [] 11] .
Sustainability tries to maintain a system with a complete structure across the time. A
sustainable system treats itself of surviving in not definite time, trying to avoid the
resources extinction while in the economic ambience it means that one prevents the
uses of resources from producing disruptions and collapses in the system [12].
Figure1:
Dimension of the sustainability business.
Source: The challenges for the sustainability business in the 21th century [10]
Norm ISO 26000
The norm ISO 26000 is a responsibility guide faced to the management of the integral
Social responsibility developed by means of the making and with a global approach, of
the multiple interested parts directed by the International organization of
Standardization (ISO) and that also it contributes to a sustainable development, since
includes social, economic and environmental ambiences.
The main target of this norm is offering support to the organizations so that they manage
to contribute to the sustainable development, in addition to serving like advice
instrument so that they could observe the social, environmental diversity, economic,
juridical, cultural, political and organizational of the countries in which they operate,
maintaining coherence with the international norms of behavior [15].
Economics
EnviromentSocial
Administration of Sustainable Environmental Information Technologies… 61
Govern of IT.
IT government, there are relations and processes that help the organization to reach its
targets by means of the creation of value and establishment of a balance between the
risks, the comeback of IT and its processes in order to promote a desirable conduct on
the use of IT. That is to say that insures himself of evaluating the needs for the
interested parts, the conditions and options to determine balanced and of agreed form
the targets of the company that is chased; to establish the direction across establishment
of priorities and the decision making; monitoring the performance and the fulfillment
of agreed targets [16 [] 17] .
Sustainability in IT government context. “The Sustainability presented in IT
governments is a way in which these companies achieve major profitability, many
companies are creating structures of government that encourage the behavior that
takes to the attainment of the targets of yield of the business of the company” [18], by
what there is defined a government of sustainable IT as that one who encourages a
behavior wished in the use of IT
It is important to mention that sustainable IT “minimize the damage to the environment,
in addition to changing the way that the companies carry out its activities and they
invite the companies to promote low emission, as well as to save money and to leave a
less trace in the environment, while it strains for expiring with the corporate targets.”
[19]
It is necessary to emphasize that strategy of a IT sustainable debit to be aligned by the
strategy of sustainability of the whole company, for the purpose of minimizing the
negative economic, environmental and social impacts of an activity. [6]
Cobit5:2012.
It represents a frame for IT government, and the set of hardware destined to give
support to the managers to diminish any type of existing distance between the targets
of business, the technical questions and the businesses risks, also it allows the
development of political and good practices that guarantee a better control of the
technologies of information in any company or organization, emphasizing the
fulfillment of the regulations and of such a way supports in the creation of values of the
organization from IT, in the management of the risk and to guarantee the fulfillment,
continuity, availability, safety and privacy. COBIT5:2012 is the only frame that it
integrates several standard and IT better practices, since it includes all the knowledge
of the frame of ISACA [20].
Values: Relatively to the previous versions, COBIT5:2012 it presents new conceptual
ideas, between which he proposes the beginning that 3, [21] mention in Square 1.
62 Wilmer Braulio Rivas Asanza et al.
Square 1: Beginning of COBIT5:2012.
No. Values Description
1 To satisfy the needs
for the interested
parts
It focuses so much in the targets in cascade as in the
value creation between the actors who can wait for IT
values variety.
2 To cover the
company end - a-
extremo
It indicates that COBIT does not focus only on IT
department, if not that in fact the whole company
includes for which also provides a handlebar for the
integration of the managerial management and the
creation of value by means of the specification of the
functions, to activities and relations.
3 To apply the only
reference frame
integrated.
It exhibits that the COBIT target is, to be a reference
frame and to facilitate an integration handlebar for its
use with other frames.
4 To make an approach
possible holístico
It exhibits as there are related the components of the
government of technologies of information and provide
a set of critical factors of success.
5 To separate the
government of the
management
It indicates that COBIT5:2012, the governance and the
management separates clearly.
Source: It governance implementation: a tool design of COBIT5 roadmap [21].
IT processes of Government of COBIT
According to [22], COBIT5:2012, it maintains separated the areas of government and
management, of which the government area is provided with five processes that the
called domino covers to evaluate, to direct and to continue (EDM) which are:
Domain Process Description of the process
EDM01 To guarantee the
configuration and the
maintenance of the
structure of government
He analyzes and articulates the requests for IT
government of the company and starts and
keeps the structures, processes and practices
effective facilitators, with clarity of the
responsibilities and the authority to reach the
mission, the goals and targets of the company
EDM02 To assure the benefits
delivery
To optimize the contribution to the value of
the business from the processes of business, of
IT services and things of IT of the investment
done by IT to a few acceptable costs
EDM03 To guarantee the risk
optimization
To make sure than the appetite and the
tolerance to the risk of the company be
understood, articulate and communicate and
Administration of Sustainable Environmental Information Technologies… 63
that the risk for the value of the company
related to the use of IT is identified and
managed.
EDM04 To assure the resources
optimization
To assure that the suitable ones and enough
capacities related to IT (persons, processes
and technologies) are available for supporting
efficiently the targets of the company to an
ideal cost
EDM05 To guarantee the
transparence interested
parts
To make sure that the measurement and
making of reports as for conformity and IT
performance of the company are transparent,
with approval on the part of the interested
parts of the goals, the metric ones and the
necessary actions
Source: [23]
Mapeo between the activities of the process EDM01 of COBIT5:2012 and the guide of
social responsibility ISO26000:2010
COBIT5:2012
ISO26000:2010
EDM01 - to Assure the Establishment and Maintenance of the Frame of Government
To evaluate To face To supervise
1.
To a
nal
yze
and t
o i
den
tify
the
fact
ors
of
the
inte
rnal
and e
xte
rnal
envir
onm
ent
(leg
al,
contr
actu
al a
nd r
egula
tiv
e obli
gat
ions)
and t
enden
cies
in t
he
envir
onm
ent
of
the
busi
nes
s th
at
can i
nfl
uen
ce t
he
des
ign o
f th
e gover
nm
ent.
2.
To d
eter
min
e IT
rel
evan
cy a
nd i
ts r
ole
wit
h r
egar
d t
o t
he
busi
nes
s.
3.
To c
onsi
der
th
e ex
tern
al r
egula
tions,
leg
al a
nd c
ontr
actu
al o
bli
gat
ions
and t
o d
eter
min
e how
they
must
be
appli
ed i
n I
T g
over
nm
ent
of
the
com
pan
y.
4.
To a
lign t
he
use
and t
he
ethic
al p
rose
cuti
on o
f th
e in
form
atio
n a
nd i
ts i
mpac
t in
the
soci
ety,
in t
he
nat
ura
l en
vir
onm
ent
and t
he
inte
rest
s of
the
inte
rnal
and e
xte
rnal
inte
rest
ed p
arts
wit
h
the
targ
ets,
vis
ion a
nd d
irec
tion o
f th
e co
mpan
y.
5.
To d
eter
min
e th
e im
pli
cati
ons
of
the
envir
onm
ent
of
join
t co
ntr
ol
of
the
com
pan
y w
ith w
ith
regar
d t
o I
T.
6.
To a
rtic
ula
te t
he
beg
inn
ing t
hat
wer
e guid
ing t
he
des
ign o
f th
e dec
isio
n m
akin
g o
n I
T
gover
nm
ent.
7.
To u
nder
stan
d t
he
man
ager
ial
cult
ure
of
the
dec
isio
n m
akin
g a
nd t
o d
eter
min
e an
idea
l
model
in t
he
dec
isio
n m
akin
g f
or
IT.
8.
To d
eter
min
e th
e le
vel
s ad
apte
d f
or
the
del
egat
ion o
f au
thori
ty, in
cludin
g r
ule
s of
thre
shold
s, f
or
the
dec
isio
ns
of
IT.
1.
To c
om
munic
ate
IT b
egin
nin
g o
f th
e gover
nm
ent
and t
o a
gre
e w
ith t
he
exec
uti
ve
agen
t th
e
way
of
esta
bli
shin
g a
n i
nfo
rmed
and a
wkw
ard l
eader
ship
.
2.
To e
stab
lish
or
to d
eleg
ate
the
esta
bli
shm
ent
of
the
stru
cture
s, p
roce
sses
and p
ract
ices
of
the
gover
nm
ent
in l
ine
wit
h t
he
agre
ed b
egin
nin
g o
f des
ign.
3.
To a
ssig
n r
esponsi
bil
ity,
auth
ori
ty a
nd t
he
resp
onsi
bil
ity o
f w
hic
h t
her
e ar
e ap
pli
ed t
he
beg
innin
g o
f des
igns
of
gover
nm
ent,
the
agre
ed m
odel
s of
captu
re o
f dec
isio
n a
nd o
f
del
egat
ion.
4.
To g
uar
ante
e th
at t
he
mec
han
ism
s of
noti
fica
tion a
nd o
f co
mm
unic
atio
n p
rovid
e in
form
atio
n
adap
ted t
o t
hose
wit
h t
he
resp
onsi
bil
ity o
f th
e su
per
vis
ion a
nd d
ecis
ion m
akin
g.
5.
To f
ace
to t
he
per
sonnel
so t
hat
it
conti
nues
the
exce
llen
t guid
elin
es f
or
an e
thic
al a
nd
pro
fess
ional
beh
avio
r an
d t
o g
uar
ante
e th
at t
he
conse
quen
ces
of
not
fulf
illm
ent
are
know
n a
nd
be
resp
ecte
d.
6.
To f
ace
the
esta
bli
shm
ent
of
a sy
stem
of
rew
ard t
o p
rom
ote
the
des
irab
le c
ult
ura
l ch
ang
e.
1.
To e
val
uat
e th
e ef
fect
iven
ess
and y
ield
of
the
inte
rest
ed p
arts
in w
hic
h r
esponsi
bil
ity a
nd
auth
ori
ty h
as b
een d
eleg
ated
for
IT g
over
nm
ent
of
the
com
pan
y.
2.
To e
val
uat
e per
iodic
ally
if
the
mec
han
ism
s fo
r IT
gover
nm
ent
agre
ed (
stru
cture
s, b
egin
nin
g,
pro
cess
es,
etc
.) a
re e
stab
lish
ed a
nd o
per
atin
g r
eall
y.
3.
To e
val
uat
e th
e ef
fect
iven
ess
of
the
des
ign o
f th
e gover
nm
ent
and t
o i
den
tify
the
acti
ons
to
rect
ify a
ny d
evia
tion.
4.
To m
ainta
in t
he
super
vis
ion
on t
he
poin
t up t
o w
hic
h i
t. I
T s
atis
fies
the
obli
gat
ions
(reg
ula
tions,
leg
isla
tions,
com
mon,
contr
actu
al l
aws)
, in
tern
al,
stan
dar
d p
oli
tics
and
pro
fess
ional
guid
elin
es.
5.
To p
rovid
e su
per
vis
ion o
f th
e ef
fect
iven
ess
of,
and t
he
fulf
illm
ent,
wit
h t
he
syst
em o
f
contr
ol
of
the
com
pan
y.
6.
To s
uper
vis
e th
e ro
uti
ne
and r
egula
r m
echan
ism
s to
guar
ante
e th
at t
he
use
of
IT e
xpir
es w
ith
the
exce
llen
t obli
gat
ions
(reg
ula
tive,
leg
isla
tion,
com
mon,
contr
actu
al l
aws)
, st
andar
ds
and
guid
elin
es.
1. Company or Organization
1.1 To establish Timetable of
Activities.
1.2 Definition of the Intention of
the organization.
1.3 Analysis and Definition of the
Scope of the organization.
2. Recognition of Environmental responsibility
2.1 Recognition of the Interested
parts and its interests.
64 Wilmer Braulio Rivas Asanza et al.
2.2 To identify the activities of
the organization and of the
interested parts.
2.3 To identify the laws and
applicable regulations.
2.4 To check the fulfillment grade
with regard to the environmental
laws.
2.5 To spread the relation
between the interests of the
interested parts and the
organization, as well as its
fulfillment grade with the
environmental laws.
3. Prevention of the contamination
3.1 To identify aspects and
impacts of the decisions and
activities.
3.2 To identify the sources of
contamination and residues.
3.3 To identify and avoid the use
of chemicals prohibited by the law.
3.4 To measure and register the
significant sources of contamination
and its risks in the environment.
3.5 To establish and implement
measurements to prepare the
contamination.
3.6 To establish and implement
prevention programs before accidents.
3.7 To report about the significant
sources of contamination, risks and
adopted measurements.
4. Sustainable use of the resources
4.1 To identify the used natural
resources.
4.2 To measure, register and
inform the environmental impact of
the use of the natural resources.
4.3 To establish and to implement
efficiency measurements for the use
of natural resources.
4.4 To identify alternatives for the
sustainable natural resources consumption.
4.5 To establish evaluation
schemes to promote the sustainable
procurement.
4.6 To report about the use of natural resources, impacts and
adopted measurements.
5. Protection of the environment, the biodiversity and restoration of the natural habitats
5.1 Mitigation of the climate change
5.1.1 To identify sources of
emission of GEI (Gases of effect of
Hothouse).
5.1.2 To measure and register the
emission of GEI in the organization
and its environmental impact.
5.1.3 To establish and to implement
measurements to minimize and to
prepare the GEI emission in the
organization.
5.1.4 To identify aspects of the use of fuels with approach to the life
Administration of Sustainable Environmental Information Technologies… 65
cycle and to implement programs of
efficient progress.
5.1.5 Rationalization of energy means inside the organization.
5.1.6 To inform the emission of
GEI in the organization and the
adopted measurements.
5.2 Adaptation to the climate change
5.2.1 To analyze and identify
irrigations and opportunities in the
environment and its possible climate
changes to minimize damages.
5.2.2 To establish and implement measurements for the adaptation
before the climate change.
6 Protection of the environment, the biodiversity and restoration of the natural habitats
6.1 To identify and take measures
on the possible impacts to the ecosystem.
6.2 To establish and implement
Strategies of Administration of
Ecosystems.
6.3 To analyze, to Establish and implement measurements of
protection, of the possible affected
ecosystems.
6.4 To establish and implement
measurements for the prevention
and minimization of the possible
impacts in the affected ecosystems.
6.5 Report of results and the
measurements taken before the
analysis of the possible affected
ecosystems.
7. Pursuit and Control
7.1 To realize reports of pursuit of
performance of the matters of
environmental responsibility.
7.2 To obtain cross-check of the
information obtained on the part of the interested parties and to exhibit
the points that are not included.
Source: Proper making based on the guide of social responsibility ISO26000:2010 [24] and COBIT5:2012 [23].
66 Wilmer Braulio Rivas Asanza et al.
Mapping between the activities of the process EDM02 of COBIT5:2012 and the guide
of social responsibility ISO26000:2010
COBIT5:2012
ISO26000:2010
EDM02 - to Assure the Delivery of Benefits
EDM02.01 - to Evaluate EDM02.02 - to Face EDM02.03 – to
Supervise
1.
To u
nder
stan
d t
he
requ
ests
of
the
inte
rest
ed p
arts
; IT
str
ateg
ic t
op
ics
such
lik
e th
e d
epen
den
ce o
n I
T;
and
to
un
der
stan
d t
he
tech
nolo
gy a
nd
its
cap
acit
ies
consi
der
ing I
T c
urr
ent
and
po
ten
tial
im
po
rtan
ce f
or
the
stra
teg
y o
f th
e co
mp
any
2.
To u
nder
stan
d t
he
key
ele
men
ts o
f g
ov
ern
men
t n
eces
sary
fo
r th
e ef
fect
ive
tru
stw
ort
hy
, su
re d
eliv
ery
an
d c
ost
of
an i
dea
l val
ue
for
IT u
se o
f th
e se
rvic
es,
asse
ts
and e
xis
ting a
nd p
ote
nti
al
reso
urc
es.
3.
To u
nder
stan
d a
nd t
o d
iscu
ss r
egu
larl
y t
he
op
po
rtu
nit
ies
that
mig
ht
aris
e fr
om
th
e ch
ang
es e
nab
led
in
th
e co
mp
any b
y t
he
curr
ent,
new
or
emer
gen
t te
chnolo
gie
s
and o
pti
miz
e th
e val
ue
crea
ted
by
th
ese
op
po
rtu
nit
ies.
4.
To u
nder
stan
d w
hat
is
un
der
sto
od
by
val
ue
in t
he
com
pan
y a
nd
to
th
ink
ho
w o
f g
oo
d o
ne
has
co
mm
un
icat
ed,
un
der
stood a
nd a
ppli
ed a
cross
the
pro
cess
es o
f th
e
com
pan
y.
5.
To e
val
uat
e th
e ef
fect
iven
ess
of
the
inte
gra
tio
n a
nd
IT
ali
gn
men
t o
f th
e st
rate
gie
s in
th
e co
mp
any
an
d w
ith
th
e ta
rget
s of
the
com
pan
y t
o c
ontr
ibute
val
ue.
6.
To u
nder
stan
d a
nd t
o t
hin
k h
ow
eff
ecti
ve a
re t
he
roll
s, r
esp
on
sib
ilit
ies,
all
oca
tio
ns
and
cu
rren
t o
rgan
ism
s o
f d
ecis
ion m
akin
g a
ssuri
ng t
he
crea
tion o
f val
ue
of
the
inves
tmen
ts,
serv
ices
and a
sset
s o
f y
ou
.
7.
To
thin
k h
ow
quit
e al
ign
ed i
s IT
man
agem
ent
of
the
inv
estm
ents
, se
rvic
es a
nd
ass
ets
wit
h t
he
man
agem
ent
of
val
ue
and t
he
pra
ctic
es o
f fi
nan
cial
man
agem
ent
8.
To e
val
uat
e th
e al
ignm
ent
of
the
bri
efc
ase
of
inv
estm
ents
, se
rvic
es a
nd
ass
ets
wit
h t
he
stra
teg
ic t
arg
ets
of
the
com
pan
y;
wit
h t
he
finan
cial
and n
ot
finan
cial
val
ue
of
the
com
pan
y;
wit
h t
he
risk
, so
mu
ch f
rom
ser
vic
e as
to
th
at o
f th
e b
enef
it;
wit
h t
he
bu
sin
ess
pro
cess
es;
the
effe
ctiv
enes
s in
ter
ms
of
usa
bil
idad
, av
aila
bil
ity a
nd
resp
onsi
bil
ity;
and e
ffic
ien
cy i
n c
ost
ter
ms,
red
un
dan
cy a
nd
tec
hn
ical
hea
lth
. 1.
To d
efin
e an
d t
o c
om
mu
nic
ate
the
po
rtfo
lio
an
d t
he
typ
es o
f in
ves
tmen
t, c
ateg
ori
es,
crit
eria
an
d w
eig
hti
ng
rel
ativ
e to
the c
rite
ria
that
should
all
ow
punct
uat
ions
of
rela
tive
val
ues
. 2.
To d
efin
e th
e re
ques
ts f
or
the
ph
ase
chan
ges
(st
age-g
ate)
an
d o
ther
rev
iew
s fo
r th
e im
po
rtan
ce o
f th
e in
ves
tmen
t fo
r th
e co
mpany a
nd t
he
asso
ciat
e ri
sk,
tim
etab
le o
f th
e pro
gra
m,
pla
ns
of
fin
anci
ng
an
d t
he
del
iver
y o
f k
ey c
apac
itie
s an
d b
enef
its
and
th
e co
ntr
ibu
tio
n c
onti
nued
to t
he
val
ue.
3.
To f
ace
to t
he
dir
ecti
on
to
co
nsi
der
po
ten
tial
use
s o
f IT
in
no
vat
ors
th
at t
hey
sh
ou
ld m
ake
po
ssib
le t
hat
th
e co
mp
any a
nsw
ers
to n
ew o
pport
unit
ies
and c
hal
lenges
,
carr
ies
out
new
busi
nes
s, i
ncr
ease
s th
e co
mp
etit
iven
ess
or
imp
rov
es
its
pro
cess
es.
4.
To f
ace
the
nec
essa
ry c
han
ges
in
th
e al
loca
tio
n o
f im
pu
tati
on
s an
d r
esp
on
sib
ilit
ies
in t
he
exec
uti
on
of
the
bri
efca
se o
f in
ves
tmen
ts a
nd t
he
del
iver
y o
f val
ue
from
the
serv
ices
and b
usi
nes
s p
roce
sses
. 5.
To d
efin
e an
d t
o c
om
mu
nic
ate
at c
om
pan
y l
evel
th
e ta
rget
s o
f d
eliv
ery
of
val
ue
and
th
e re
sult
s m
easu
rem
ents
to
all
ow
an e
ffec
tive
contr
ol.
6.
To f
ace
the
nec
essa
ry c
han
ges
in
th
e p
ort
foli
o o
f in
ves
tmen
ts a
nd
ser
vic
es f
or
real
inea
rlo
s w
ith
th
e cu
rren
t an
d a
wai
ted t
arget
s of
the
com
pan
y a
nd/o
r it
s
lim
itat
ions.
7.
To r
ecom
men
d t
he
con
sid
erat
ion
of
po
ten
tial
in
no
vat
ion
s, o
rgan
izat
ion
al c
han
ges
or
op
erat
ive
pro
gre
ss t
hat
fro
m t
he
init
iati
ves
IT
could
im
pel
a v
alue
incr
ease
for
the
com
pan
y.
1.
To d
efin
e a
bal
ance
d s
et o
f ta
rget
s o
f p
erfo
rman
ce,
met
ric,
go
als
and
po
ints
of
refe
ren
ce.
the
met
ric
on
es s
ho
uld
cover
the
acti
vit
y a
nd t
he
resu
lts
mea
sure
men
t,
incl
udin
g t
he
ind
icat
ors
of
del
ay a
nd
of
adv
ance
of
the
resu
lts,
as
wel
l as
a s
uit
able
bal
ance
of
the
fin
anci
al a
nd
no
t fi
nan
cial
mea
sure
men
ts.
To c
hec
k t
hem
and t
o
agre
e th
em w
ith Y
OU
R f
un
ctio
ns
and
of
bu
sin
ess,
an
d o
ther
ex
cell
ent
inte
rest
ed p
arts
. 2.
To g
ather
the
per
tinen
t, o
pp
ort
un
e, f
inis
hed
, tr
ust
wo
rth
y a
nd
pre
cise
in
form
atio
n t
o r
epo
rt o
n t
he
adv
ance
s in
th
e val
ue
del
iver
y w
ith r
egar
d t
o t
he
targ
ets.
To
obta
in t
he
succ
inct
one,
of
hig
h l
evel
, fi
nis
hed
sig
ht
of
the
po
rtfo
lio
, p
rog
ram
an
d p
erfo
rman
ce I
T (
tech
nic
al a
nd
op
erat
ive
capac
itie
s) t
hat
support
the
dec
isio
n
mak
ing a
nd m
ake
sure
th
at t
he
awai
ted
res
ult
s ar
e ac
hie
ved
. 3.
To o
bta
in h
abit
ual
and e
xce
llen
t IT
rep
ort
s o
f th
e p
ort
foli
o,
pro
gra
m a
nd
per
form
ance
(tec
hn
olo
gic
al a
nd
fu
nct
ional
). T
o c
hec
k t
he
pro
gre
ss o
f th
e co
mpan
y
tow
ards
the
iden
tifi
ed t
arg
ets
and
th
e g
rad
e in
wh
ich
th
e d
ue
targ
ets
are
reac
hed
, th
e o
bta
ined
en
treg
able
s, t
he
reac
hed
tar
get
s of
yie
ld a
nd t
he
mit
igat
ed r
isk.
4.
Aft
er t
he
revie
w o
f th
e re
po
rts,
to
tak
e th
e ad
apte
d m
anag
emen
t m
easu
res
as i
t is
nec
essa
ry t
o a
ssu
re t
hat
th
e v
alue
should
be
opti
miz
ed.
5.
Aft
er t
he
revie
w o
f th
e re
po
rts,
mak
e su
re t
hat
th
e ap
pro
pri
ate
corr
ecti
on
al p
oli
cies
are
in
itia
ted
an
d c
on
tro
lled
.
1. Company or Organization
1.4 To establish Timetable of
Activities.
1.5 Definition of the Intention of
the organization.
1.6 Analysis and Definition of the
Scope of the organization.
2. Recognition of Environmental responsibility
Administration of Sustainable Environmental Information Technologies… 67
2.1 Recognition of the Interested
parts and its interests.
2.2 To identify the activities of the
organization and of the interested
parts.
2.3 To identify the laws and
applicable regulations.
2.4 To check the fulfillment grade
with regard to the environmental
laws.
2.5 To spread the relation between
the interests of the interested parts
and the organization, as well as its
fulfillment grade with the
environmental laws.
3. Prevention of the contamination
3.1 To identify aspects and
impacts of the decisions and
activities.
3.2 To identify the sources of
contamination and residues.
3.3 To identify and avoid the use
of chemicals prohibited by the law.
3.4 To measure and register the
significant sources of contamination
and its risks in the environment.
3.5 To establish and to implement
measurements to prepare the
contamination.
3.6 To establish and to implement
prevention programs before
accidents.
3.7 To report about the significant
sources of contamination, risks and
adopted measurements.
4. Sustainable use of the resources
4.1 To identify the used natural
resources.
4.2 To measure, register and
inform the environmental impact of
the use of the natural resources.
4.3 To establish and implement
efficiency measurements for the use
of natural resources.
4.4 To identify alternatives for the
sustainable natural resources
consumption.
4.5 To establish evaluation
schemes to promote the sustainable
procurement.
4.6 To report about the use of
natural resources, impacts and
adopted measurements.
5. Protection of the environment, the biodiversity and restoration of the natural habitats
5.1 Mitigation of the climate change
5.1.1 To identify sources of emission
of GEI (Gases of effect of
Hothouse).
5.1.2 To measure and register the
emission of GEI in the organization
and its environmental impact.
5.1.3 To establish and to implement
measurements to minimize and to
68 Wilmer Braulio Rivas Asanza et al.
prepare the GEI emission in the
organization.
5.1.4 To identify aspects of the use
of fuels with approach to the life
cycle and to implement programs of
efficient progress.
5.1.5 Rationalization of energy
means inside the organization.
5.1.6 To inform the emission of GEI
in the organization and the adopted
measurements.
5.2 Adaptation to the climate change
5.2.1 To analyze and identify
irrigations and opportunities in the
environment and its possible climate
changes to minimize damages.
5.2.2 To establish and implement
measurements for the adaptation
before the climate change.
6. Protection of the environment, the biodiversity and restoration of the natural habitats
6.1 To identify and take measures
on the possible impacts to the
ecosystem.
6.2 To establish and implement
Strategies of Administration of
Ecosystems.
6.3 To analyze, Establish and
implement measurements of
protection, of the possible affected
ecosystems.
6.4 To establish and implement
measurements for the prevention and
minimization of the possible impacts
in the affected ecosystems.
6.5 Report of results and the
measurements taken before the
analysis of the possible affected ecosystems.
7. Pursuit and Control
7.1 To realize reports of pursuit of
performance of the matters of
environmental responsibility.
7.2 To obtain cross-check of the
information obtained on the part of the interested parties and to exhibit
the points that are not included.
Source: Proper making based on the guide of social responsibility ISO26000:2010 [24] and COBIT5:2012 [23].
Administration of Sustainable Environmental Information Technologies… 69
Mapping between the activities of the process EDM03 of COBIT5:2012 and the guide
of social responsibility ISO26000:2010
COBIT5:2012
ISO26000:2010
EDM03 - to Assure the Optimization of the Risk
To evaluate To face To supervise
1. T
o d
eter
min
e th
e le
vel
of
risk
s re
late
d t
o I
T t
hat
th
e co
mpan
y i
s re
ady t
o t
ake
up o
ffic
e to
expir
e w
ith i
ts t
arg
ets
(app
etit
e of
risk
).
2. T
o e
val
uat
e an
d t
o s
up
po
rt p
ropo
sal
of
thre
sho
lds
of
tole
ran
ce t
he
risk
IT
opposi
te t
o t
he
acce
pta
ble
lev
els
of
risk
and
op
po
rtu
nit
y f
or
the
com
pan
y.
3. T
o d
eter
min
e IT
gra
de
of
alig
nm
ent
of
the
stra
tegy
of
risk
s w
ith
the
stra
tegy
of
man
ager
ial
risk
s.
4. T
o e
val
uat
e pro
acti
vam
ente
th
e ri
sk f
acto
rs I
T b
efo
re t
he
han
gin
g s
trat
egic
dec
isio
ns
on
th
e co
mp
any a
nd t
o
mak
e su
re t
hat
the
dec
isio
ns
of
the
com
pan
y t
ake
consc
ious
of
the
risk
s.
5. T
o d
eter
min
e if
the
use
of
IT i
s su
bje
ct t
o a
n e
val
uat
ion
and
su
itab
le e
val
uat
ion
of
risk
, ac
cord
ing
to
th
e d
escr
ibed
in e
xce
llen
t nat
ional
an
d i
nte
rnat
ion
al s
tand
ards.
6
. T
o e
val
uat
e th
e ac
tivit
ies
of
man
agem
ent
of
risk
s to
gu
aran
tee
its
alig
nm
ent
wit
h t
he
cap
acit
ies
of
the
com
pany
for
the
loss
es r
elat
ed t
o I
T a
nd
th
e to
lera
nce
of
the
lead
ers
to t
he
sam
e on
es.
1. T
o p
rom
ote
a c
ult
ure
of
the
risk
s IT
an
d t
o i
mpel
th
e co
mp
any
to a
pro
acti
ve
risk
id
enti
fica
tion o
f IT
,
oppo
rtu
nit
ies
and p
ote
nti
al i
mp
acts
in
the
busi
nes
s.
2. T
o f
ace
the
inte
gra
tion
of
the
op
erat
ion
s an
d I
T r
isk
s st
rate
gy
wit
h t
he
dec
isio
ns
and
str
ateg
ic m
anag
eria
l
oper
atio
ns.
3
. T
o f
ace
the
mak
ing o
f p
lans
of
com
mu
nic
atio
n o
f ri
sks
(co
ver
ing
all
th
e le
vel
s o
f th
e co
mp
any
), a
s w
ell
as t
he
pla
ns
of
acti
on
of
risk
. 4
. T
o f
ace
the
imp
lanta
tion
of
mec
han
ism
s ad
apte
d t
o a
nsw
er q
uic
kly
to
th
e ch
angea
ble
ris
ks
and
to
no
tify
imm
edia
tely
at
the
adap
ted
man
agem
ent
lev
els,
su
ppo
rted
beg
innin
g o
f cl
imb
ed a
gre
ed (
than
to r
eport
, w
hen
, w
her
e
and
ho
w).
5
. T
o f
ace
so t
hat
th
e ri
sk, th
e op
po
rtun
itie
s, t
he
pro
ble
ms
and
wo
rrie
s co
uld
be
iden
tifi
ed a
nd
no
tifi
ed b
y a
ny
per
son i
n a
ny m
om
ent.
Th
e ri
sk m
ust
be
man
aged
in a
cco
rdan
ce w
ith
th
e po
liti
cs a
nd
pro
cedu
res
rele
ased
and
clim
bed
to t
he
exce
llen
t dec
iso
res
6. T
o i
den
tify
th
e ta
rget
s an
d k
ey i
nd
icat
ors
of
the
pro
cess
es o
f gov
ern
men
t an
d m
anag
emen
t o
f ri
sks
to b
e
monit
ore
d a
nd t
o a
pp
rov
e th
e ap
pro
aches
, m
ethods,
sk
ills
an
d p
roce
sses
to
cap
ture
and
to n
oti
fy t
he
mea
sure
men
t
info
rmat
ion
. 1
. T
o s
up
erv
ise
unti
l poin
t m
anag
es t
he
risk
pro
file
in
sid
e th
e th
resh
old
s of
app
etit
e o
f ri
sk.
2. T
o s
up
erv
ise
the
goal
s an
d m
etri
c k
ey o
f m
anag
emen
t of
the
pro
cess
es o
f go
ver
nm
ent
and
man
agem
ent
of
the
risk
wit
h r
egar
d t
o t
he
targ
ets,
to
anal
yze
th
e ca
use
s of
the
dev
iati
ons
and t
o i
nit
iate
co
rrec
tion
al p
oli
cies
to
tac
kle
the
un
der
lyin
g c
ause
s.
3. T
o f
acil
itat
e th
e re
vie
w o
n t
he
mai
n i
nte
rest
ed p
arts
of
the
pro
cess
of
the
com
pan
y t
ow
ard
s th
e id
enti
fied
tar
get
s.
4. T
o i
nfo
rm a
ny p
roble
m o
f m
anag
emen
t o
f ri
sks
to t
he
Ad
vic
e o
r to
the
Com
mit
tee
of
Dir
ecti
on
.
1. Company or Organization
1.1 To establish Timetable of Activities.
1.2 Definition of the Intention of the
organization.
1.3 Analysis and Definition of the Scope of the
organization.
2. Recognition of Environmental responsibility
2.1 Recognition of the Interested parts and its
interests.
2.2 To identify the activities of the organization
and of the interested parts.
2.3 To identify the laws and applicable
regulations.
2.4 To check the fulfillment grade with regard to
the environmental laws.
2.5 To spread the relation between the interests of
the interested parts and the organization, as well as
its fulfillment grade with the environmental laws.
3. Prevention of the contamination
70 Wilmer Braulio Rivas Asanza et al.
3.1 To identify aspects and impacts of the
decisions and activities.
3.2 To identify the sources of contamination and
residues.
3.3 To identify and to avoid the use of chemicals
prohibited by the law.
3.4 To measure and register the significant
sources of contamination and its risks in the
environment.
3.5 To establish and implement measurements to
prepare the contamination.
3.6 To establish and implement prevention
programs before accidents.
3.7 To report about the significant sources of contamination, risks and adopted measurements.
4. Sustainable use of the resources
4.1 To identify the used natural resources.
4.2 To measure, register and inform the
environmental impact of the use of the natural
resources.
4.3 To establish and implement efficiency
measurements for the use of natural resources.
4.4 To identify alternatives for the sustainable
natural resources consumption.
4.5 To establish evaluation schemes to promote
the sustainable procurement.
4.6 To report about the use of natural resources,
impacts and adopted measurements.
5. Protection of the environment, the biodiversity and restoration of the natural habitats
5.1 Mitigation of the climate change
5.1.1 To identify sources of emission of GEI
(Gases of effect of Hothouse).
5.1.2 To measure and register the emission of GEI
in the organization and its environmental impact.
5.1.3 To establish and implement measurements to
minimize and to prepare the GEI emission in the
organization.
5.1.4 To identify aspects of the use of fuels with
approach to the life cycle and to implement programs of efficient progress.
5.1.5 Rationalization of energy means inside the
organization.
5.1.6 To inform the emission of GEI in the
organization and the adopted measurements.
5.2 Adaptation to the climate change
5.2.1 To analyze and identify irrigations and
opportunities in the environment and its possible
climate changes to minimize damages.
5.2.2 To establish and implement measurements for
the adaptation before the climate change.
6. Protection of the environment, the biodiversity and restoration of the natural habitats
6.1 To identify and take measures on the possible
impacts to the ecosystem.
6.2 To establish and implement Strategies of
Administration of Ecosystems.
6.3 To analyze, establish and implement
measurements of protection, of the possible
affected ecosystems.
6.4 To establish and implement measurements for
the prevention and minimization of the possible
impacts in the affected ecosystems.
Administration of Sustainable Environmental Information Technologies… 71
6.5 Give a report of results and the measurements
taken before the analysis of the possible affected
ecosystems.
7. Pursuit and Control
7.1 To realize reports of pursuit of performance
of the matters of environmental responsibility.
7.2 To obtain cross-check of the information
obtained on the part of the interested parties and to
exhibit the points that are not included.
Source: Proper making based on the guide of social responsibility ISO26000:2010 [24] and COBIT5:2012 [23].
72 Wilmer Braulio Rivas Asanza et al.
Mapping between the activities of the process EDM04 of COBIT5:2012 and the guide
of social responsibility ISO26000:2010 COBIT5:2012
ISO26000:2010
EDM04 - to Assure the Resources optimization
To evaluate To face To supervise
1. -
To
Ex
amin
e an
d to
ev
alu
ate
the
curr
ent an
d f
utu
re s
trat
egy, th
e op
tions
of
supply
of
IT r
esourc
es
and
to
dev
elo
p a
pti
tud
es t
o c
ov
er t
he
curr
ent
and
futu
re n
eeds
(incl
udin
g s
upply
alt
ernati
ves
).
2.
- T
o D
efin
e th
e b
egin
nin
g t
o g
uid
e th
e al
loca
tion a
nd r
esourc
es m
anag
emen
t an
d c
apac
itie
s so
that
IT
th
e n
eed
s fo
r th
e co
mp
any
co
uld
sa
tisf
y th
em,
wit
h th
e sk
ill
and ca
pac
ity nee
ded
in
acco
rdan
ce w
ith
th
e ag
reed
pri
ori
ties
an
d t
he
bu
dget
ary l
imit
atio
ns.
3
. -
To
Ch
eck
an
d t
o a
pp
rov
e th
e p
lan
of
reso
urc
es a
nd t
he
stra
tegie
s of
arch
itec
ture
of
the
com
pan
y
for
the
del
iver
y o
f v
alu
e an
d t
he
mit
igat
ion
of
risk
s w
ith t
he
assi
gned
res
ourc
es.
4.
- T
o U
nd
erst
and
th
e re
qu
isit
es t
o a
lig
n t
he
reso
urc
es m
anag
emen
t w
ith t
he
pla
nn
ing o
f fi
nan
cial
and
hu
man
man
ager
ial
reso
urc
es.
5. -
To
Def
ine
the
beg
inn
ing
fo
r th
e m
anag
em
ent an
d the
contr
ol o
f th
e ar
chit
ectu
re o
f th
e co
mpan
y.
1.
- T
o C
om
mu
nic
ate
and
to
im
pel
th
e ad
op
tio
n o
f st
rate
gie
s of
reso
urc
es m
anag
emen
t, b
egin
nin
g
and
th
e ag
reed
pla
n o
f re
sou
rces
an
d t
he
stra
teg
ies
of
arch
itec
ture
of
com
pan
ies.
2.
- T
o A
ssig
n r
esp
on
sib
ilit
ies
for
the
reso
urc
es m
anag
emen
t ex
ecuti
on.
3.
- T
o D
efin
e th
e ta
rget
s, m
easu
red
an
d m
etri
c k
ey f
or
the
man
agem
ent
of
the
reso
urc
es.
4.
- T
o E
stab
lish
th
e b
egin
nin
g r
ela
ted
to
th
e p
rote
ctio
n o
f re
sou
rces
.
5.
- T
o A
lig
n t
he
reso
urc
es m
anag
emen
t w
ith
th
e pla
nnin
g o
f H
um
an R
esourc
es a
nd f
inan
cier
of
the
com
pan
y.
1.
- T
o S
up
erv
ise
the
allo
cati
on
an
d r
eso
urc
es o
pti
miz
atio
n i
n a
ccord
ance
wit
h t
he t
arget
s an
d
pri
ori
ties
of
the
com
pan
y b
y m
ean
s o
f ta
rgets
an
d m
etri
c ag
reed
.
2.
- T
o S
up
erv
ise
the
sup
ply
IT
str
ateg
ies
and
of
arch
itec
ture
of
the
com
pany a
nd
the
reso
urc
es a
nd
IT a
pti
tud
es t
o g
uar
ante
e th
at t
he
curr
ent
and
fu
ture
nee
ds
for
the
com
pan
y c
ould
be
sati
sfie
d.
3.
- T
o S
up
erv
ise
the
yie
ld o
f th
e re
sou
rces
op
posi
te t
o t
he
targ
ets
, to
anal
yze
the
cause
s of
the
dev
iati
on
s an
d t
o i
nit
iate
co
rrec
tiv
e ac
tio
ns
to s
olv
e th
e under
lyin
g c
ause
s.
1. Company or Organization
1.1 To establish Timetable of Activities. 1.2 Definition of the Intention of the organization. 1.3 Analysis and Definition of the Scope of the
organization.
2. Recognition of Environmental responsibility
2.1 Recognition of the Interested parts and its interests. 2.2 To identify the activities of the organization and of the
interested parts.
2.3 To identify the laws and applicable regulations. 2.4 To check the fulfillment grade with regard to the
environmental laws.
2.5 To spread the relation between the interests of the
interested parts and the organization, as well as its
fulfillment grade with the environmental laws.
3. Prevention of the contamination
3.1 To identify aspects and impacts of the decisions and
activities.
3.2 To identify the sources of contamination and residues. 3.3 To identify and avoid the use of chemicals prohibited
by the law.
3.4 To measure and register the significant sources of
contamination and its risks in the environment.
3.5 To establish and implement measurements to prepare
the contamination.
3.6 To establish and implement prevention programs before accidents.
3.7 To report about the significant sources of
contamination, risks and adopted measurements.
4. Sustainable use of the resources
4.1 To identify the used natural resources.
Administration of Sustainable Environmental Information Technologies… 73
4.2 To measure, register and inform the environmental
impact of the use of the natural resources.
4.3 To establish and implement efficiency measurements
for the use of natural resources.
4.4 To identify alternatives for the sustainable natural
resources consumption.
4.5 To establish evaluation schemes to promote the
sustainable procurement.
4.6 To report about the use of natural resources, impacts
and adopted measurements.
5. Protection of the environment, the biodiversity and restoration of the natural habitats
5.1 Mitigation of the climate change
5.1.1 To identify sources of emission of GEI (Gases of
effect of Hothouse).
5.1.2 To measure and register the emission of GEI in the
organization and its environmental impact.
5.1.3 To establish and implement measurements to minimize and to prepare the GEI emission in the
organization.
5.1.4 To identify aspects of the use of fuels with approach
to the life cycle and to implement programs of efficient
progress.
5.1.5 Rationalization of energy means inside the
organization.
5.1.6 To inform the emission of GEI in the organization and
the adopted measurements.
5.2 Adaptation to the climate change
5.2.1 To analyze and identify irrigations and opportunities
in the environment and its possible climate changes to
minimize damages.
5.2.2 To establish and implement measurements for the
adaptation before the climate change.
6. Protection of the environment, the biodiversity and restoration of the natural habitats
6.1 To identify and take measures on the possible impacts
to the ecosystem.
6.2 To establish and implement Strategies of Administration of Ecosystems.
6.3 To analyze, establish and implement measurements of
protection, of the possible affected ecosystems.
6.4 To establish and implement measurements for the
prevention and minimization of the possible impacts in the
affected ecosystems.
6.5 Report of results and the measurements taken before
the analysis of the possible affected ecosystems.
7. Pursuit and Control
7.1 To realize reports of pursuit of performance of the
matters of environmental responsibility.
7.2 To obtain cross-check of the information obtained on
the part of the interested parties and to exhibit the points that
are not included.
Source: Proper making based on the guide of social responsibility ISO26000:2010 [24] and COBIT5:2012 [23].
74 Wilmer Braulio Rivas Asanza et al.
Mapping between the activities of the process EDM05 of COBIT5:2012 and the guide
of social responsibility ISO26000:2010
COBIT5:2012
ISO26000:2010
EDM05 - to Assure the Transparence towards the Interested
Parts
To evaluate To face To supervise
1.
- T
o E
xam
ine
and
to
judg
e th
e cu
rren
t re
qu
isit
es a
nd
futu
res
of
mak
ing o
f
repo
rts
wit
h r
egar
d t
o t
he
use
of
IT i
nsi
de
the
com
pan
y (
reg
ula
tion
, le
gis
lati
on.
gen
eral
law
s. c
ontr
actu
al r
equis
ites
). I
ncl
udin
g s
cop
e an
d f
requ
ency
.
2.
- T
o E
xam
ine
and
to
judg
e th
e cu
rren
t re
qu
isit
es a
nd
futu
res
of
mak
ing o
f
repo
rts
for
oth
er in
tere
sted
par
ties
con
cern
s to
the
use
of
IT i
nsi
de
the
com
pan
y.
Incl
udin
g s
cope
and
cond
itio
ns.
3.
- T
o M
ainta
in t
he
beg
innin
g o
f co
mm
unic
atio
n w
ith e
xte
rnal
an
d i
nte
rnal
inte
rest
ed p
arti
es,
incl
udin
g f
orm
ats
and
ch
ann
els
of
com
mu
nic
atio
n a
nd t
he
beg
innin
g o
f ac
cep
tan
ce a
nd
app
rov
al o
f th
e re
port
s o
n th
e p
art
of
the
inte
rest
ed
par
ts.
1. -
To
Fac
e th
e es
tabli
shm
ent o
f th
e st
rate
gy o
f co
mm
unic
atio
n f
or
exte
rnal
and
inte
rnal
in
tere
sted
par
ties
.
2.
- T
o F
ace
the
mec
han
ism
s im
ple
men
tati
on t
o g
uar
ante
e th
at t
he
info
rmat
ion
fulf
ills
all
th
e cr
iter
ia o
f th
e ob
lig
atory
co
rpo
rate
req
uis
ites
as
for
IT r
epo
rts
mak
ing
. 3
. -
To
Est
abli
sh m
ech
anis
ms
of
rati
fica
tio
n a
nd
app
rov
al o
f th
e o
bli
gat
ory
mak
ing
of
repo
rts.
4. -
To
Est
abli
sh m
ech
anis
ms
of
clim
bed
in
th
e re
po
rts
mak
ing.
1.
- T
o E
val
uat
e p
erio
dic
ally
the
effi
cacy
of
the
mec
han
ism
s to
as
sure
the
pre
cisi
on
and
th
e re
liab
ilit
y o
f th
e ob
lig
atory
mak
ing o
f re
po
rts.
2. -
To
Ev
aluat
e per
iodic
ally
th
e ef
fica
cy o
f th
e m
ech
anis
ms
and
the
exit
s o
f th
e
com
mu
nic
atio
n w
ith e
xte
rnal
and
inte
rnal
in
tere
sted
par
ties
.
3. -
To
Det
erm
ine
if th
e re
quis
ites
of
the
dif
fere
nt
inte
rest
ed p
arti
es a
re f
ulf
ille
d.
1. Company or Organization
1.1 To establish Timetable of Activities. 1.2 Definition of the Intention of the organization. 1.3 Analysis and Definition of the Scope of the organization. 2. Recognition of Environmental responsibility
2.1 Recognition of the Interested parts and its interests. 2.2 To identify the activities of the organization and of the
interested parts.
2.3 To identify the laws and applicable regulations. 2.4 To check the fulfillment grade with regard to the environmental
laws.
2.5 To spread the relation between the interests of the interested
parts and the organization, as well as its fulfillment grade with the
environmental laws.
3. Prevention of the contamination
3.1 To identify aspects and impacts of the decisions and activities. 3.2 To identify the sources of contamination and residues. 3.3 To identify and avoid the use of chemicals prohibited by the
law.
3.4 To measure and register the significant sources of
contamination and its risks in the environment.
3.5 To establish and implement measurements to prepare the contamination.
3.6 To establish and implement prevention programs before
accidents.
3.7 To report about the significant sources of contamination, risks
and adopted measurements.
4. Sustainable use of the resources
4.7 To identify the used natural resources. 4.8 To measure, register and inform the environmental impact of
the use of the natural resources.
4.9 To establish and implement efficiency measurements for the use
of natural resources.
4.10 To identify alternatives for the sustainable natural resources
consumption.
Administration of Sustainable Environmental Information Technologies… 75
4.11 To establish evaluation schemes to promote the sustainable
procurement.
4.12 To report about the use of natural resources, impacts and
adopted measurements.
5. Protection of the environment, the biodiversity and restoration of the natural habitats
5.1 Mitigation of the climate change
5.1.1 To identify sources of emission of GEI (Gases of effect of
Hothouse).
5.1.2 To measure and register the emission of GEI in the organization
and its environmental impact.
5.1.3 To establish and implement measurements to minimize and to
prepare the GEI emission in the organization.
5.1.4 To identify aspects of the use of fuels with approach to the life
cycle and to implement programs of efficient progress.
5.1.5 Rationalization of energy means inside the organization. 5.1.6 To inform the emission of GEI in the organization and the
adopted measurements.
5.2 Adaptation to the climate change
5.2.2 To analyze and identify irrigations and opportunities in the
environment and its possible climate changes to minimize damages.
5.2.3 To establish and implement measurements for the adaptation before the climate change.
6. Protection of the environment, the biodiversity and restoration of the natural habitats
6.1 To identify and take measures on the possible impacts to the
ecosystem.
6.2 To establish and implement Strategies of Administration of
Ecosystems.
6.3 To analyze, establish and implement measurements of
protection, of the possible affected ecosystems.
6.4 To establish and implement measurements for the prevention
and minimization of the possible impacts in the affected ecosystems.
6.5 Report of results and the measurements taken before the
analysis of the possible affected ecosystems.
7. Pursuit and Control
7.3 To realize reports of pursuit of performance of the matters of
environmental responsibility.
7.4 To obtain cross-check of the information obtained on the part of
the interested parties and to exhibit the points that are not included.
Source: Proper making based on the guide of social responsibility ISO26000:2010 [24]
and COBIT5:2012 [23].
Alignment of the activities of the norm internment ISO26000:2010 with IT processes of
management of "COBIT5:2012".
The present analysis consists of identifying which of the activities of sostenibilidad
way environmental modality to the norm ISO26000:2010, is aligned to the processes
of management of managerial YOU of the referential frame COBIT5:2012, the same
one that sees 11 reflected in *Cuadro.
76 Wilmer Braulio Rivas Asanza et al.
Square 2. Alignment between the processes of management of COBIT5:2012 and
activities of the guide of social responsibility of social responsibility ISO26000:2010.
COBIT5:2012 ISO26000:2010
Dom
ain
Process Activities
AP
O01
To manage IT
management frame
1.3 Analysis and definition of the scope of the
organization.
AP
O03
To manage the managerial
architecture
2.1 Recognition of the interested parts and its
interests.
2.2 To identify the activities of the
organization and of the interested parts.
AP
O04
To manage the innovation 4.5 To establish evaluation schemes to promote
the sustainable procurement.
5.1.5 Rationalization of energy means inside
the organization.
AP
O12
To manage the risk 3.1 To identify aspects and impacts of the
decisions and activities.
3.4 To measure and register the significant
sources of contamination and its risks in the
environment.
3.7 To report about the significant sources of
contamination, risks and adopted
measurements.
4.2 To measure, register and inform the
environmental impact of the use of the natural
resources.
4.6 To report about the use of natural
resources, impacts and adopted measurements.
5.1.2 To measure and register the emission of
GEI in the organization and its environmental
impact.
5.1.6 To inform the emission of GEI in the
organization and the adopted measurements.
5.2.1 To analyze and identify irrigations and
opportunities in the environment and its
Administration of Sustainable Environmental Information Technologies… 77
possible climate changes to minimize the
damages.
5.2.2 To establish and implement
measurements for the adaptation before the
climate change.
6.1 To identify and take measures on the
possible impacts to the ecosystem.
6.4 To establish and implement measurements
for the prevention and minimization of the
possible impacts in the affected ecosystems.
DS
S02
To manage requests and
service incidents
3.6 To establish and implement prevention
programs before accidents.
DS
S04
To manage the Continuity
ME
A01
To supervise, to evaluate
and to value the yield and
the continuity
4.5 To establish evaluation schemes to promote
the sustainable procurement.
7.1 To realize reports of pursuit of performance
of the matters of environmental responsibility.
ME
A03
To supervise, to evaluate
and to value the continuity
with the external requests
2.3 To identify the laws and applicable
regulations.
2.4 To check the fulfillment grade with regard
to the environmental laws. Source: Proper making, based in COBIT5:2012 [23] and the guide of social responsibility ISO26000:2010 [24].
Identification of Limitations.
Based on the mapping carried out between the obtained activities of the guide of social
responsibility ISO26000:2010 opposite to the activities corresponding to IT processes
of the frame of government COBIT5:2012, there was identified the type of limitation
that they present IT government frame earlier mentioned to fulfill with the
characteristics of sostenibilidad environmental way which carried out in Square 13,
adopting the symbology explained in *Square 12.
Square 3. Symbology used in the limitations
Simbología
Symbol Meaning
Approach
Activity
None
Source: Proper making
78 Wilmer Braulio Rivas Asanza et al.
Activity Type Justification
2. Recognition of Environmental responsibility
2.1 Recognition of the
interested parts and its
interests
IT activity of the processes of government
COBIT5:2012, which expires partly with this activity
is:
The activity 1, of the section to Evaluate of the
process EDM02
Since it satisfies as for the recognition of the interests
of the interested parts, bearing in mind that it is
necessary to know previously those who are the
interested parts, with the difference that here does it to
itself according to IT, while in the activity 2.1
regarding the guide of social responsibility
ISO26000:2010, considering the environment.
2.2 To identify the
activities of the
organization and of the
interested parts
Dice to that there does not exist in any of the processes
of IT government COBIT5:2012 any activity that
expires with what there stipulates the activity 2.2
regarding the guide of social responsibility
ISO26000:2010, to manage to expire with earlier
mentioned, it is necessary to consider to be the
inclusion of the following activity:
“To identify the activities so much of IT frame of
government as of the interested parts, and its
possible impacts to the environmental
responsibility”
2.3 To identify the laws
and applicable
regulations
YOUR activities of the processes of government
COBIT5:2012, which expire partly with this activity
are:
The activity 1, of the section to Evaluate of the
process EDM01.
The activity 3, of the section to Evaluate of the
process EDM01.
The activity 1, of the section to Evaluate of the
process EDM05.
Since they satisfy as for the identification of applicable
laws, with the difference that, in the activities earlier
mentioned, is focused on the laws applicable to IT
government, while in the activity 2.3 regarding the
guide of social responsibility ISO26000:2010, the
laws applicable to the activities and decisions
related to the environment.
Administration of Sustainable Environmental Information Technologies… 79
2.4 To check the
fulfillment grade with
regard to the
environmental laws.
IT activities of the processes of government
COBIT5:2012, which expire partly with this activity
are:
The activity 4, of the section to Supervise of the
process EDM01.
The activity 6, of the section to Supervise of the
process EDM01.
The activity 3, of the section to Supervise of the
process EDM05.
Since they satisfy as for assuring that the relations and
activities should expire with the due and applicable
legal frame, in addition to measuring the fulfillment
grade with regard to the applicable laws, with the
difference that in earlier mentioned they focus to IT,
while the activity 2.4 to the environmental laws.
2.5 To spread the
relation between the
interests of the
interested parts and the
organization, as well as
its fulfillment grade
with the environmental
laws.
Because there does not exist in any of the processes of
IT government COBIT5:2012 any activity that
expires with what there stipulates the activity 2.5
regarding the guide of social responsibility
ISO26000:2010, to manage and expire with earlier
mentioned, it is necessary to consider the inclusion of
the following activities:
“To spread publicly the interested parts, the
relation between its interests and those of the frame
of IT government and the grade of fulfillment with
the applicable environmental laws”.
3 Prevention of the contamination
3.1 Identify
appearances and
impacts of the decisions
and activities
The activities of the processes of government of IT
COBIT5:2012, that fulfil partly with this activity are:
The activity 4, of the section Evaluate of the
process EDM03.
The activity 1, of the section Orient of the process
EDM03.
Since, they satisfy directly to the identification of
impacts(risks) previously of the decisions to take with
the difference that in the above-mentioned does it to
him with an approach to the irrigations of IT of the
decisions whereas in the activity 3.1 focuses to the
impacts (risks), of the decisions and activities that
affect to the surroundings.
80 Wilmer Braulio Rivas Asanza et al.
3.2 Identify the sources
of pollution and waste.
Die to the nonexistence of some activity in the
processes of government of IT COBIT5:2012 that
fulfil with what stipulates the activity 3.2 concerning
the guide of social responsibility ISO26000:2010, to
attain fulfil with the above-mentioned, has to consider
the inclusion of the following activity:
“Identify the sources of pollution and of waste
related to the activities of the frame of government
of IT”
3.3 Identify and avoid
the utilization of
chemical products
forbidden by the law.
Given the nonexistence of some activity in the
processes of government of IT COBIT5:2012 that
fulfil with what stipulates the activity 3.2 concerning
the guide of social responsibility ISO26000:2010, to
attain fulfil with the above-mentioned, has to consider
the inclusion of the following activity:
“Identify and avoid the utilisation of chemical
products forbidden by the law in the frame IT
government”
3.4 Establish and
implement measures to
warn the pollution
Because of the nonexistence of some activity in the
processes IT government COBIT5:2012 that satisfy
what stipulates the activity 3.5 concerning the guide
of social responsibility ISO26000:2010, to attain
satisfy the above-mentioned, has to consider the
inclusion of the following activity:
“Establish and implement measures to warn the
pollution and the generation of waste inside the
frame IT government.”
3.5 Establish and
implement programs of
prevention in front of
accidents.
Considering the nonexistence of some activity in the
processes IT government COBIT5:2012 that satisfy
what stipulates the activity 3.6 concerning the guide
of social responsibility ISO26000:2010, to attain
satisfy the above-mentioned, has to consider the
inclusion of the following activity:
“Establish and implement a program of
prevention, preparation and a plan of emergency
in front of accidents and environmental incidents
so many interns like external to the frame IT
government, that involve to the parts interested
pertinent.”
4 Sustainable use of the resources
Administration of Sustainable Environmental Information Technologies… 81
4.1 Establish and
implement measures of
efficiency for the use of
natural resources.
La actividad de los procesos de gobierno de TI
COBIT5:2012, que cumple en parte con esta
actividad es la siguiente:
la actividad 3, de la sección Orientar del
proceso EDM04.
Ya que, satisface en cuanto al establecimiento de
medidas para el uso eficiente de los recursos, con la
diferencia de que en la actividad antes mencionada
se lo realiza con un enfoque a los recursos de TI,
mientras que la actividad 4.3 referente a la guía de
responsabilidad social ISO26000:2010, se enfoca
al uso de recursos naturales.
4.2 Establish diagrams
of evaluation to
promote the sustainable
acquisitions
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 1, of the section Evaluate of the
process EDM04.
Since it satisfies regarding the evaluation of
strategies and acquisition of resources, with the
difference that in the above-mentioned activity does
it regarding the acquisitions of resources of IT,
mention that the activity 4.5 concerning the guide
of social responsibility ISO26000:2010 it refers to
the acquisition of products and sustainable services.
However, to satisfy completely the described in the
activity 4.5, is necessary the inclusion of the
following activity:
“Establish diagrams for the evaluation of the
environmental exert, of the products and
services that purchase inside the frame of
government of IT, and give preference to the
acquisition of products that minimize his
impacts.”
82 Wilmer Braulio Rivas Asanza et al.
4.3 Inform about the
use of natural resources,
impacts and measures
adopted
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 1, of the section Orient of the
process EDM04.
Since it satisfies regarding informing on the use or
management of resources, with the difference that
in the above-mentioned refers to the resources of IT,
whereas in the activity 4.6 concerning the guide of
social responsibility ISO26000:2010 it refers to the
natural resources.
However, to attain satisfy completely the described
in the activity 3.4, is necessary the inclusion of the
following activity:
“Spread publicly the natural resources and his
significant use in the frame of government of IT,
as well as his impacts to the environment and
measures adopted for his mitigation.”
5 Protection of the environment, the biodiversity and restoration of the natural
habitats
5.1 Mitigation Of the climatic change
5.1.1 Identify sources
of broadcast of GEI
(GREEN HOUSE
GASES)
Because of the nonexistence of some activity in the
processes of government of IT COBIT5:2012 that
fulfil with what stipulates the activity 5.1.1
concerning the guide of social responsibility
ISO26000:2010, to attain fulfil with the above-
mentioned, has to consider the inclusion of the
following activity:
“Identify direct and indirect sources of
accumulation of broadcasts of GEI inside the
frame of government of IT and define the scope
of his responsibility.”
5.1.2 Measure and
register the broadcasts
of GEI in the
organization and his
environmental impact
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 1, of the section Evaluate of the
process EDM03.
Since, it satisfies regarding the measurement of
impacts (risks), with the difference that in the before
described activity does it to him with an approach
to the risks related to the YOU, whereas in the
activity 5.1.2 concerning the guide of social
responsibility ISO26000:2010, it focuses to the
Administration of Sustainable Environmental Information Technologies… 83
risks related to the broadcasts of GEI that affect to
the environment.
5.1.3 Identify
appearances of the use
of fuels with approach
to the cycle of life and
implement programs of
efficient improvement
The activity of the processes IT government
COBIT5:2012, that fulfils partly with this activity
is:
The activity 3, of the section Orient of the
process EDM02.
Since it satisfies regarding the efficient
improvement of the use of fuels, however, to attain
satisfy completely the described in the activity
5.1.4, it is necessary the inclusion of the following
activity: “Identify the quantity and the type of
significant use of fuels inside the frame IT
government and implement programs to
improve his efficiency.”
5.1.4 Rationalization
of Energetic Means
inside the organization
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 1, of the section Evaluate of the
process EDM04.
Since it satisfies regarding the purchase of goods
energetically efficient, however, to attain satisfy
completely the activity 5.1.5, it is necessary the
inclusion of the following activity: “Make savings
of energy while it was possible inside the frame
of government of IT, including the purchase and
development of goods and products energetically
efficient.”
5.1.6 Inform the taking
of measures of the
broadcasts of GEI in the
organization
Considering the nonexistence of some activity in
the processes IT government COBIT5:2012 that
fulfil with what stipulates the activity 5.1.6
concerning the guide of social responsibility
ISO26000:2010, to attain fulfil with the above-
mentioned, has to consider the inclusion of the
following activity: “Inform on his significant
broadcasts of GEI inside the frame of
Government of IT and the measures to adopt to
warn the impact to the environment.”
5.2 Adaptation to the climatic change
5.2.1 Analyze and
identify irrigations and
opportunities in the
surroundings and his
The activities of the processes IT government
COBIT5:2012, that fulfil partly with this activity
are:
84 Wilmer Braulio Rivas Asanza et al.
possible climatic
changes to minimize
damages.
The activity 3, of the section Evaluate of the
process EDM02.
The activity 1, of the section Evaluate of the
process EDM03.
The activity 4, of the section Evaluate of the
process EDM03.
Since, they satisfy regarding the analysis and
identification of risks related to the climatic
changes, as well as the analysis of the opportunities
that can arise during the climatic changes to reduce
damages, with the difference that the above-
mentioned focus in the opportunities, risks and
impacts related to the IT, and the activity 5.2.1
concerning the guide of social responsibility
ISO26000:2010 it focuses in the opportunities,
risks and impacts made by the climatic changes.
5.2.2 Establish and
implement measures for
the adaptation in front
of the climatic change.
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 4 corresponding, to the section
Orient of the process EDM03.
Since it satisfies regarding the implementation of
measures to answer in front of impacts with the
difference that in the before described activity does
it focusing in the variable risks of the organization,
whereas in the activity 5.2.2 concerning the guide
of social responsibility ISO26000:2010 it focuses
in the variable risks related to the climatic changes
considering his sphere of influence (parts
interested).
6 Protection of the environment, the biodiversity and restoration of the natural
habitats
Administration of Sustainable Environmental Information Technologies… 85
6.1 Identify and take
measures on the
possible impacts to the
ecosystem
The activities of the processes of government of IT
COBIT5:2012, that fulfil partly with this activity
are:
The activity 1 corresponding, to the section
Evaluate of the process EDM03.
The activity 3 corresponding to the section
Orient of the process EDM04.
Since, they satisfy regarding the identification of
risks and impacts, as well as with the establishment
of measures of protection to minimize or delete said
impacts, with the difference that in the above-
mentioned activities does it to him with an approach
to the risks and impacts related to the IT, and in the
activity 6.1 concerning the guide of social
responsibility ISO26000:2010 it does it with an
approach to the risks that affect the biodiversity and
the services of the ecosystem.
6.2 Establish and
implement Strategies of
Administration of
Ecosystems
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 3, corresponding to the section
Orient of the process EDM04.
Since it satisfies regarding the establishment of
measures or strategies of administration, with the
difference that in the before described activity does
it focusing in the management of resources,
whereas in the activity 6.2 concerning the guide of
social responsibility ISO26000:2010 it focuses in
the ecosystem (terrains, waters).
6.3 Analyze, Establish
and implement
measures of protection,
of the possible
ecosystems affected.
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 4, of the section Orient of the
process EDM04.
Since it satisfies in the determination of measures
of protection in front of possible impacts, with the
difference that the before described focuses in the
resources of IT, whereas the activity 6.3 concerning
the guide of social responsibility ISO26000:2010,
it focuses in the protection of possible ecosystems
affected.
However, to satisfy entirely this activity, is
necessary the inclusion of the following:
86 Wilmer Braulio Rivas Asanza et al.
“Incorporate in the frame of government of
IT, measures of protection of the possible
ecosystems affected (natural habitats,
rainforests, forests, runners of wild life, areas
protected and agricultural terrains), considering
besides to the wild animals”.
“Use progressively and in greater proportion
products of providers that use technologies and
processes more sustainable, inside the frame IT
government.”
6.4 Establish and
implement measures for
the prevention and
minimization of the
possible impacts in the
ecosystems affected.
Considering the nonexistence of some activity in
the processes of IT government COBIT5:2012 that
fulfil with what stipulates the activity 6.4
concerning the guide of social responsibility
ISO26000:2010, to attain fulfil with the above-
mentioned, has to consider the inclusion of the
following activity:
“Establish and Implement practices of planning,
design and operation, like forms to warn and
minimize the possible impacts that affect to the
ecosystem, resultant of the decisions taken inside
the frame of government of IT.”
6.5 Report of results
and the measures taken
in front of the analysis
of the possible
ecosystems affected.
Taking into account the nonexistence of some
activity in the processes of IT government
COBIT5:2012 that fulfil with what stipulates the
activity 6.5 concerning the guide of social
responsibility ISO26000:2010, to attain fulfil with
the above-mentioned, has to consider the inclusion
of the following activity:
“Register and inform on the measures taken
regarding the analysis made of the ecosystems
affected by the frame of IT government.”
7- Follow-up and Control
7.1 Make reports of
follow-up of exert of the
subjects of
environmental
responsibility.
The activity of the processes of government of IT
COBIT5:2012, that fulfils partly with this activity
is:
The activity 3, of the section Supervise of the
process EDM02.
Since it satisfies regarding the establishment of
measures or strategies of administration, with the
difference that in the before described activity does
it focusing in the management of resources,
whereas in the activity 6.2 concerning the guide of
Administration of Sustainable Environmental Information Technologies… 87
social responsibility ISO26000:2010 it focuses in
the ecosystem (terrains, waters).
7.2 Obtain verification
of the information
obtained by part of the
interested and expose
the points that do not
cover .
The activities of the processes of IT government
COBIT5:2012, that fulfil partly with this activity
are:
The activity 4, of the section Orient of the
process EDM01.
The activity 3, of the section Orient of the
process EDM05.
The activity 3, of the section Supervise of the
process EDM05.
Since it satisfies regarding the verification of the
information obtained by part of the interested,
However, to attain satisfy entirely this activity, is
necessary the inclusion of the following:
“Provide a brief explanation of reason do not
cover some points of environmental
responsibility, to show that the frame IT
government has done effort to cover all the
important subjects.”
“Use a process of rigorous and responsible
verification, in which the data and the
information of environmental responsibility
come from of a reliable source that allow
verifying the accuracy of the same by part of the
interested”.
Source: Own preparation
Activities proposed of environmental half sustainability. In base to the limitations
identified in the *Picture 13 determined the need to include the activities described in
the *Picture 14, to attain add characteristics of environmental half sustainability to the
frame of IT government COBIT5:2012.
88 Wilmer Braulio Rivas Asanza et al.
Picture 4: Activities of environmental half sustainability
GO Activities of environmental half sustainability for the frame of IT
government
A1 Identify the activities so much of the frame of IT government as of the parts
interested and his possible impacts to the environmental responsibility.
A2 Spread publicly the parts interested, the relation between his interests and the
ones of the frame of IT government and the degree of fulfillment with the
applicable environmental laws.
A3 Identify the sources of pollution and of waste related to the activities of the
frame of IT government.
A4 Identify and avoid the utilization of chemical products forbidden by the law in
the frame IT government.
A5 Measure and Register the sources of pollution and of generation of significant
waste inside the frame IT government, in addition to the risks that these that
made to the human health and the environment.
A6 Establish and implement measures to warn the pollution and the generation of
waste inside the frame IT government.
A7 Establish and implement a program of prevention, preparation and a plan of
emergency in front of accidents and environmental incidents so many interns
like external to the frame IT government, that involve to the parts interested
pertinent.
A8 Spread publicly the quantities and types of toxic materials that use or free in
normal operations and in accidental releases inside the frame IT government,
including the risks known that made to the human health and the environment
and the measures that pretends assume to mitigate these risks.
A9 Identify the natural resources used inside the frame IT government.
A10 Identify alternative sources, sustainable, renewable and of low impact to
complement or replace the use of resources no renewable inside the frame IT
government.
A11 Establish diagrams for the evaluation of the exert environmental, of the products
and services that purchase inside the frame IT government, and give preference
to the acquisition of products that minimize his impacts.
A12 Spread publicly the natural resources and his significant use in the frame IT
government, as well as his impacts to the environment and measures adopted
for his mitigation.
A13 Identify direct and indirect sources of accumulation of broadcasts of GEI inside
the frame IT government and define the scope of his responsibility.
A14 Establish and implement measures to warn and minimize progressively the
broadcasts of GEI in the frame IT government, and boost similar actions in his
sphere of influence.
A15 Identify the quantity and the type of significant use of fuels inside the frame IT
government and implement programs to improve his efficiency.
Administration of Sustainable Environmental Information Technologies… 89
A16 Make savings of energy while it was possible inside the frame IT government,
including the purchase and development of goods and products energetically
efficient.
A17 Inform on his significant broadcasts of GEI inside the frame IT government and
the measures to adopt to warn the impact to the environment.
A18 Incorporate in the frame IT government, measures of protection of the possible
ecosystems affected (natural habitats, rainforests, forests, runners of wild life,
areas protected and agricultural terrains), considering besides to the wild
animals.
A19 Use progressively and in greater proportion products of providers that use
technologies and processes more sustainable, inside the frame IT government.
A20 Establish and Implement practices of planning, design and operation, like forms
to warn and minimize the possible impacts that affect to the ecosystem, resultant
of the decisions taken inside the frame IT government.
A21 Register and inform on the measures taken regarding the analysis made of the
ecosystems affected by the frame IT government.
A22 Use a process of rigorous and responsible verification, in which the data and the
information of environmental responsibility come from of a reliable source that
allow verifying the accuracy of the same by part of the interested.
A23 Provide a brief explanation of reason do not cover some points of environmental
responsibility, to show that the frame IT government has done effort to cover all
the important subjects.
Source: own Preparation based in the guide of social responsibility. ISO26000:2010
[23]
Model of an IT government.
In base to the identification of limitations that presents the frame IT government
COBIT5:2012 in front of the characteristics of environmental half sustainability of the
guide of social responsibility ISO26000:2010, reflected in the *Picture 13 and to the
activities proposed in the *Picture 14 to attain the inclusion of the same, elaborated the
model of frame IT government with environmental half sustainability that shows
90 Wilmer Braulio Rivas Asanza et al.
Source: Own Preparation, based in the frame of work of COBIT5:2012 [24].
Explanation of the new model.
To attain that, inside the frame IT government COBIT5:2012 they consider
characteristic of environmental half sustainability, determined afterwards of the
identification of the limits in the *Picture 13, taking in account the activities of the
fundamental matter environmental half sustainability obtained of the guide of social
responsibility ISO26000:2010, that has to incorporate the following appearances:
Process EDM01: Ensure the establishment and maintenance of the theoretical frame
of Government. In this process considered the inclusion of an approach of
environmental half sustainability, to the following activities:
a. The activity 1 of the section Evaluate, that with the end to satisfy the activity
2.3 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Analyze and identify the factors of the internal and external
surroundings (legal obligations, contractual and regulatory) and tendencies in
the surroundings of the frame IT government that can influence in the
environmental half sustainability.”
b. The activity 3 of the section Evaluate, that with the end to satisfy the activity
2.3 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Consider the external regulations, legal and contractual
obligations related to the environmental responsibility and determine how
have to be applied in the frame IT government of the company.”
c. The activity 4 of the section Supervise, that with the end to satisfy the activity
2.4 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Keep the supervision on the point until which the frame
IT government satisfies the obligations (regulations, legislations, common
Administration of Sustainable Environmental Information Technologies… 91
laws, contractual), internal politics, standard and environmental half
guidelines.”
d. The activity 6 of the section Supervise, that with the end to satisfy the activity
2.4 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way, “Supervise the routine and regular mechanisms to guarantee
that the use of IT fulfils with the notable obligations (regulatory, legislation,
common laws, contractual), standard and environmental half guidelines.”
Besides, it considered the inclusion of the following activities:
In the section Evaluate.
a. “1. Identify the activities so much of the frame IT government as of the parts
interested and his possible impacts to the environmental responsibility.”
b. “4. Identify and avoid the utilization of chemical products forbidden by the law
in the frame IT government.”
In the section Orient.
a. “2. Spread publicly the parts interested, the relation between his interests and
the ones of the frame IT government and the degree of fulfillment with the
applicable environmental laws.”
Process EDM02. Ensure the Delivery of Profits. In this process considered the
inclusion of an approach of environmental half sustainability, to the following
activities:
a. The activity 1 of the section Evaluate, that with the end to satisfy the activity
2.1 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Comprise the requests of the parts interested in relation to
the environment; strategic subjects of environmental sustainability, such as
the dependencies of the environmental sustainability; and comprise the
technology and his capacities considering the current importance and potential
of the environmental sustainability for the strategy of the frame IT
government”.
b. The activity 3 of the section Evaluate, that with the end to satisfy the activity
5.2.1 concerning the guide of social responsibility ISO26000:2010, it remains
of the following way; “Comprise and argue regularly the opportunities that
could arise of the climatic changes to minimize damages associated to said
changes in the frame IT government.”
c. The activity 5 of the section Orient, that with the end to satisfy the activity 4.2
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Communicate to level of company the utilization of natural
resources in the frame IT government and the measures of results of the
environmental impacts produced by the use of natural resources, to allow
an effective control”.
92 Wilmer Braulio Rivas Asanza et al.
Process EDM03. Ensure the optimization of the Risk. In this process considered the
inclusion of an approach of environmental half sustainability, to the following
activities:
a. The activity 1 of the section Evaluate, that with the end to satisfy the activity
4.2 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Determine the level of risks related to the use of natural
resources that the frame IT government is had to assume to fulfil with his
aims (appetite of risk).”
b. The activity 1 of the section Evaluate, that with the end to satisfy the activity
5.1.2 concerning the guide of social responsibility ISO26000:2010, it remains
of the following way; “Determine the level of risks related to the broadcasts
of GEI that affect to the environment and that the frame IT government is had
to assume to fulfil with his aims (appetite of risk).”
c. The activity 1 of the section Evaluate, that with the end to satisfy the activity
5.2.1 concerning the guide of social responsibility ISO26000:2010, it remains
of the following way; “Determine the level of risks related with the climatic
changes that the frame IT government is had to assume to fulfil with his aims
(appetite of risk).
d. The activity 1 of the section Evaluate, that with the end to satisfy the activity
6.1 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Determine the level of risks related to the biodiversity and
the services of the ecosystem that the frame IT government is had to assume
to fulfil with his aims (appetite of risk).
e. The activity 4 of the section Evaluate, that with the end to satisfy the activity
3.1 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Evaluate proactively the factors of environmental half risk
produced by the activities, prior to the strategic decisions of the frame IT
government, slope and ensure that they take conscious of the risks”.
f. The activity 4 of the section Evaluate, that with the end to satisfy the activity
5.2.1 concerning the guide of social responsibility ISO26000:2010, it remains
of the following way; “Evaluate proactively the factors of risks made by the
climatic changes prior to the strategic decisions of the frame IT government
and ensure that the decisions take consents of the risks”.
g. The activity 1 of the section Orient, that with the end to satisfy the activity 3.1
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Promote a culture of the environmental half risks and promote
to the frame IT government to an identification proactiva of environmental
half risk, opportunities and impacts of the decisions and activated that they
affect to the environment”.
h. The activity 4 of the section Orient, that with the end to satisfy the activity
5.2.1 concerning the guide of social responsibility ISO26000:2010, it remains
of the following way; “Orient the implementation of appropriate mechanisms
to answer quickly to the variables risks related to the climatic changes and
notify immediately to the suitable levels of management, supported principles
of scaled agreed (that inform, when, where and as)”.
Administration of Sustainable Environmental Information Technologies… 93
Besides, it considered the inclusion of the following activities:
In the section Evaluate.
a. “3. Identify the sources of pollution and of waste related to the activities of the
frame IT government.”
b. “5. Measure and Register the sources of pollution and of generation of
significant waste inside the frame IT government, in addition to the risks that
these made to the human health and the environment.”
c. “13. Identify direct and indirect sources of accumulation of broadcasts of GEI
inside the frame IT government and define the scope of his responsibility.”
In the section Orient.
a. “6. Establish and implement measures to warn the pollution and the generation
of waste inside the frame IT government.”
b. “7. Establish and implement a program of prevention, preparation and a plan of
emergency in front of accidents and environmental incidents so many interns
like external to the frame IT government, that involve to the parts interested
pertinent.”
c. “14. Establish and implement measures to warn and minimize progressively the
broadcasts of GEI in the frame IT government, and boost similar actions in his
sphere of influence.”
d. “20. Establish and Implement practices of planning, design and operation, like
forms to warn and minimize the possible impacts that affect to the ecosystem,
resultant of the decisions taken inside the frame IT government.”
In the section Supervise.
a. “8. Spread publicly the quantities and types of toxic materials that use or free in
normal operations and in accidental releases inside the frame IT government, including
the risks known that made to the human health and the environment and the measures
that pretends assume to mitigate these risks.”
b. “17. Inform on his significant broadcasts of GEI inside the frame IT government
and the measures to adopt to warn the impact to the environment.”
Process EDM04: Ensure the Optimization of Resources. In this process considered the
inclusion of an approach of environmental half sustainability, to the following
activities:
a. The activity 3 of the section Orient, that with the end to satisfy the activity 4.3
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Define the aims, measures and metric key for the management
of the natural resources in the frame IT government.”
b. The activity 3 of the section Orient, that with the end to satisfy the activity 6.1
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Define the aims, measures and metric key for the management
of the biodiversity and the services of the ecosystem in the frame IT
government.”
94 Wilmer Braulio Rivas Asanza et al.
c. The activity 3 of the section Orient, that with the end to satisfy the activity 6.2
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Define the aims, measures and metric key for the management
of the ecosystem in the frame IT government.”
d. The activity 3 of the section Orient, that with the end to satisfy the activity 7.1
concerning the guide of social responsibility ISO26000:2010, it remains of the
following way; “Consider usual and notable reports of the wallet program, and
exert of the subjects of environmental responsibility. Review the progress of
the frame IT government to the aims identified and the degree in which the
planned aims are reached, the aims of performance reached and the risk
mitigated”.
Besides, it considered the inclusion of the following activities:
In the section Evaluate.
a. “19. Use progressively and in greater proportion products of providers that use
technologies and processes more sustainable, inside the frame IT government.”
In the section Orient.
a. “11. Establish diagrams for the evaluation of the exert environmental, of the
products and services that purchase inside the frame IT government, and give
preference to the acquisition of products that minimize his impacts.”
b. “16. Make savings of energy while it was possible inside the frame IT
government, including the purchase and development of goods and products
energetically efficient.”
Process EDM05: Ensure the transparency to the parts Interested. In this process
considered the inclusion of an approach of environmental half sustainability, to the
following activities:
a. The activity 1 of the section Evaluate, that with the end to satisfy the activity
2.3 concerning the guide of social responsibility ISO26000:2010, it remains of
the following way; “Examine and judge the current requirements and applicable
futures to the decisions and activities in the frame IT government
(regulation, legislation. General laws. Contractual requirements). Including
scope and frequency.”
Besides, it considered the inclusion of the following activities:
In the section Orient.
a. “22. Use a process of rigorous and responsible verification, in which the data
and the information come from of a reliable source that allow verifying the
accuracy of the same by part of the Interested.”
In the section Supervise.
a. “23. Provide a brief explanation of reason do not cover some points, to show
that the frame IT government has done effort to cover all the important
subjects.”
Administration of Sustainable Environmental Information Technologies… 95
Process EDM06: environmental Sustainability in the frame IT government. With the
purpose to add guidelines of sustainability, considered the creation of the present
process, in which they have included the following activities:
In the section Evaluate.
a. “9. Identify the natural resources used inside the frame IT government.”
b. “10. Identify alternative sources, sustainable, renewable and of low impact to
complement or replace the use of resources no renewable inside the frame IT
government.”
c. “15. Identify the quantity and the type of significant use of fuels inside the frame
IT government and implement programs to improve his efficiency.”
In the section Orient.
a. “18. Incorporate in the frame IT government, measures of protection of the
possible ecosystems affected (natural habitats, rainforests, forests, runners of
wild life, areas protected and agricultural terrains), considering besides to the
wild animals.”
In the section Supervise.
a. “12. Spread publicly the natural resources and his significant use in the frame
IT government, as well as his impacts to the environment and measures adopted
for his mitigation.”
b. “21. Register and inform on the measures taken regarding the analysis made of
the ecosystems affected by the frame IT government.”
References
[1] January 2016. [On line]. Available: https://actualidad.rt.com/economia/197283-
riesgos-economia-mundial-fmi.
[2] I. ISACA: Rolling Meadows, «Sustainability – An ISACA White Paper,» 2011.
[3] G. H. Brundtland, «Report of the World-wide Commission on the Environment
and the Sustainable Development,» 1987.
[4] I. 1. And. w. International organisation of Normalisation and S. G. d. l. C. And.
European union, Evaluation of the approaches to integrate the sustainability to
the community politics, Report of final summary, 2004.
[5] M. D. And. K. T. J. Stefan Naumann, «The GREENSOFT Model: To reerence
model for green and sustainable software,» Elsevier, 2011.
[6] F. Bengtsson And P. J. Ågerfalk, «Information technology ace to change actant in
sustainability innovation: Insights from Uppsala,» Elsevier, September 2010.
96 Wilmer Braulio Rivas Asanza et al.
[7] M. C. Machado, F. To. Sobral And F. H. Junior, «Sustentabilidade na tecnologia
gives informacao análise two appearances considered no model of cobit,» IV
SINGEP, 2014.
[8] J. W. Merhout And J. Or'Toole, «Sustainable IT Governance (SITG): Is COBIT 5
An Adequate Model?,» AIS Electronic Library, pp. 1-7, Julio 2015.
[9] M. Bjoern, And. Koray, L. Fabian and Z. Ruediger, «How Sustainable is COBIT
5?,» Americas Conference on Information Systems:, vol. 19, pp. 15-17, August
2013.
[10] To. M. Gil Lafuente and L. Barcellos Paula, «THE CHALLENGES FOR THE
BUSINESS SUSTAINABILITY IN THE 21st century,» Magazine galega of
economy: Publication Interdisciplinar gives Facultade of Economic Sciences and
Empresariais, vol. 20, number 2, pp. 115 - 176, 2010.
[11] D. Fernández of Gatta Sánchez, «The diet of environmental sustainability,»
juridical Magazine of Castile and Leon, number 25, pp. 163 - 218, 2011.
[12] F. Arias, «sustainable Development and his indicators,» Magazine Society and
Economia, number 11, pp. 200-229, 2006.
[13] C. M. Minaverry And T. To. Gally, «THE VOLUNTARY NORMS To8.000 And
ISO 26.000 ON SOCIAL RESPONSIBILITY And HIS IMPORTANCE IN
FRONT OF THE WEAKNESS OF THE RIGHT,» Ars Boni et Aequi, vol. 9, pp.
257-276, 2013.
[14] L. Moratis, «Out of the ordinary? Appraising ISO 26000's CSR definition,» vol.
58, number 1, pp. 26 - 47, 2016.
[15] R. Mattos Of Deus, B. M. Roman Pais Seles and K. R. Ogasawara Scallop, «Ace
organizaçõis and to ISO 26000: revisãor two conceitos, two motivators and give
barreiras of implementaçãor,» Gestãor & Produçãor, vol. 21, number 4, pp. 793-
809, 2014.
[16] I. L. Muñoz Periñán and G. Ulloa Villegas, «Government of YOU – State of the
art,» Telematic & Systems, vol. 9, number 17, pp. 23-53, 2011.
[17] ISACA, COBIT 5: A Frame of Business for the Government and the
Management of the YOU of the Company, EE.UU, 2012.
[18] P. Weill And R. Woodham, «Don't Just Lead, Govern: Implementing Effective IT
Governance,» Social Science Research Network, vol. 3, number 326, Abril 2002.
[19] ISACA, «Technical Article of Sustainability,» 2011.
[20] H. Laksono And And. Supriyadi, «Design and Implementation Information
Security Governance Using Analytic Network Process and COBIT 5 For
Information Security To Marry Study of Unit XYZ,» SCOPUS, number 7437689,
p. 6, 2015.
[21] K. Youssfi, J. Boutahar And S. Elghazi, «IT GOVERNANCE
IMPLEMENTATION:To TOOL DESIGN OF COBIT 5 ROADMAP,» World
Congress of Chiropractic Students, number 7060965, pp. 115 - 121, 2015.
Administration of Sustainable Environmental Information Technologies… 97
[22] To. Romadhona And To. Akhmad Arman, «An Analysis of Information
Technology Governance Marry study: Statistics Indonesia,» number 7437733, p.
6, 2015.
[23] ISACA, COBIT 5: processes Catalysts, U.S., 2012.
[24] ISO, International Norm ISO 26000, Ginebra, 2010.
98 Wilmer Braulio Rivas Asanza et al.