IT & Information Governance Resources


Overview & Go
A collection of analytical and research papers, contributed for the common good by T2P community members.

Go to it >
  • Change Management: A Practical Framework for Reducing Technology-Related Risk and Uncertainty
  • Mitigating Risk in IT Outsourcing
  • 10 Steps to Harden Commerce Systems
  • PCI: Requirements to Action
Who It's For
Managers and executors of practice areas covered by paper topics, including:

  • Executives with responsibility for financial effectiveness of IT operations
  • IT and Information security managers, auditors, and implementers
  • IT project and program managers
  • Compliance and risk management practice leaders
How to build on it
  • Comment on existing papers
  • Extend existing papers
  • Recommend topics for new papers
  • Write or contribute a new paper
  • Help fund a new paper

Open IT Policy Project

Overview & Go
Community-moderated policies, procedures, standards, and forms, designed to be easily customized for unique environments.

Go to it >
(Partial list. Visit project page for full catalog.)
  • Acceptable Use, Internet (Policy)
  • Access Controls, Account (Policy)
  • Change Management (Policy)
  • Incident Response (Policy)
  • Password Management (Policy)
  • Social Computing and Networking (Policy)
Who It's For
Professionals in IT, compliance, audit, legal, and other roles responsible for the definition, alignment, and/or enforcement of information use and control.
How to build on it
  • Comment on existing policies
  • Edit existing policies
  • Recommend topics for new policies
  • Write or contribute new policies
  • Help fund this project

IT Audit

Overview & Go
Practical guidance and experience-based insight to help IT, compliance, and business managers prepare for more successful, productive internal audits.

Go to it >
  • IT Governance & Strategy
  • Risk Management
  • Information Security
  • Privacy & Data Protection
  • Change Management
Who It's For
  • Internal auditors seeking guidance on best practices and audit objectives
  • Compliance and risk managers seeking insight into what auditors do and don't want to see
  • Business practice managers with responsibility for technology components, users, and uses
How to build on it
  • Comment on existing ITACs
  • Extend existing papers
  • Recommend topics for new ITACs
  • Join an ITAC authors' team
  • Help fund a new ITAC

Control & Risk Calculator

Overview & Go
A deceptively simple, decidedly serious tool for assessing and prioritizing internal controls.

Go to it >
  • Web based calculator application
  • PDF User Manual
Who It's For
  • Compliance managers
  • Risk managers
  • Security managers
  • Other managers with sound knowledge of the internal control environment and responsibility for internal-control prioritization.
How to build on it
The CRC is a fully interactive application in which you can add, save, modify, and review your own data sets.

Reality-Based Guides

Overview & Go
A collection of practical, compact references for human factors in information governance.

Go to them >
  • How to Clarify Complex Decisions
  • How to Get More out of Technical Conferences
  • How to Thwart a Social Engineering Exploit
Who It's For
  • Compliance training & awareness program leaders
  • Information security managers
  • Information security practitioners
  • Compliance & risk management evangelists
How to build on it
  • Comment on existing Guides
  • Recommend topics for new Guides
  • Write or contribute a new Guide
  • Help fund a new Guide


Rules & Standards
Standards, regulations, and models you can use to improve IT and information governance.

Go to it >
Good Free Tools
Freely accessible interactive tools for information governance, compliance, and risk management.

Go to it >
Hot Ink: Development
A Practical Framework for Reducing Infrastructure Failures and Disruptions
Author: Frank LeFavi
Format: Analytical Paper/PDF
Better IT Policy Templates
  • Editable by all community members
  • New Policy Builder form
  • New Cloud Computing policy template
  • Download as XML or DOCX
Hot Ink: Sourcing
A Realistic Framework for More Successful Outsourcing Initiatives
Author: Frank LeFavi
Format: Analytical Paper/PDF
Updated Rules & Standards
  • New IIA GTAGs
  • Updated ISACA links
  • New listings in most categories
To improve is to change.
Winston Churchill

Read about our redesign, tell us what you think.

Analysis & Advice

How to Disagree with Auditors: An Auditor’s Guide

Auditors are required to tell management when control failures are exposing them to risk. Still, man…

Staff in the Time of Cholera: Managing Workflow and Disaster

What if 80 percent of your staff called in sick…for a month? Epidemics and natural disasters regular…

The Truth Will Keep You Free: Analytics, BI, and Compliance

Compliance is a risky business, even if your business isn't risky. From scoping to control remediati…

Business Rules Bridge the Gap between Policies and Execution

Few IT professionals really understand business, and few finance executives really understand IT. Ce…

What Auditors Look for in an IT Department

IT leaders are increasingly challenged to implement processes and controls that are in line with bus…

IT Recycling: The Next Frontier

Laws and policies concerning electronic waste are evolving rapidly. Computer components are hazardou…

The Tao of Compliance: Unifying Controls over Chaos

Auditors are camped at the corporate gate, business managers are beating on your door, and the execu…

Tier of Influence: The Rise of Lifecycle-Driven Information Storage Strategy

The days of retaining information as an undifferentiated mass are coming to an end. Higher informati…

Top 10 Spreadsheet Compliance Risks and How to Avoid Them

One of the biggest threats to compliance isn’t rogue insiders or hackers, but a trusted tool: the lo…

Tough Times and Risk Management

When the going gets tough, the tough start measuring cost, value, and risk. New economic pressures u…

Dangerous Liaisons: Drafting Outsourcing Contracts

Internal policies are degraded if external contractors ignore their control objectives. Draft an IT …

Index of all Analytical Articles >

Keep T2P free...
Help fund new IT resources
(Every little bit helps!)
Community Actions
Wow your peers, enhance your resume, and solicit feedback on your ideas by publishing an article, paper, methodology, model, tool, or other resource on T2P.
Got a sticky challenge? With T2P Community Projects, you can align peer experience and expertise behind the development of a solution. You can also join and contribute your skills to other members' projects.
Use T2P's new interactive policy builder or submit an existing policy document to the Open IT Policy Project.
Help build the most comprehensive, community-curated directory of rules and standards for information and operation governance.
What free third-party tools do you use to get the job done? Tell us, and we'll add them to the Good Free Tools hub.
T2P Members can help shape and guide T2P at the organizational and research levels by participating in advisory boards.
Logged-in members can search the community and connect with other professionals in their field, role, or country.