What is Governance?
Governance is the system of frameworks, roles, responsibilities and decision-making processes through which organisations direct, evaluate and control their information provision, technology and processes.
Governance determines who decides what, on what basis, and with what mandate — and thereby forms the backbone of control and coherence in digital environments.
🧠 Why is Governance important?
| Reason | Explanation |
|---|---|
| Accountability | Clear ownership over systems, data and processes |
| Risk management | Governance helps manage technical, legal and ethical risks |
| Coherent decision-making | Prevents fragmented choices and unnecessary costs |
| Oversight and accountability | Essential for compliance, audits and transparency |
| Direction and prioritisation | Sets the strategic course for digitalisation, innovation and standardisation |
🧱 Governance in layers
Governance can be applied at different levels:
| Level | Examples |
|---|---|
| Strategic | Vision, policy, architectural frameworks (NORA, BIO, enterprise governance) |
| Tactical | Programmes, portfolio management, information policy, sourcing |
| Operational | Project steering, Lifecycle Management, patch management, access management |
This layering often aligns with models such as COBIT, ISO 38500 and TOGAF.
🔄 Governance and Architecture
Governance and architecture are closely linked:
- Architectural principles provide directional frameworks for decision-making
- Governance ensures compliance, ownership and decision-making
- Within NORA, GEMMA, WILMA and MARIJ, architectural governance is a standard component
| Architectural framework | Governance component |
|---|---|
| NORA | Principles and models are anchored through governance |
| PETRA | Provinces formalise ownership and decision-making authority |
| WILMA | Describes roles for changing or adopting building blocks |
🏭 Governance in an OT context
In Operational Technology (OT), governance is becoming increasingly important:
| Governance question | Relevance in OT |
|---|---|
| Who owns a PLC? | Determination of ownership, management, documentation |
| Who decides on firmware updates? | Trade-off between safety, stability and maintenance |
| Who manages network segmentation? | Role allocation between IT, OT and security |
| Who carries out audits? | Governance of oversight against IEC 62443, BIO or security policies |
Without governance, OT often remains “out of view” in organisational policy — with risks of ambiguity, underinvestment or vulnerability.
🔐 Governance and security
| Security topic | Governance role |
|---|---|
| Security by Design | Governance makes its application mandatory |
| Privacy by Design | Governance ensures privacy is considered from design onwards |
| Cybersecurity | Governance defines policy, oversight and incident accountability |
| Patch management | Who is allowed to update what, and under what conditions? |
📌 In summary
Governance is the management structure behind technology. It provides control, direction and accountability — in both IT and OT — and is crucial for reliable, secure and future-proof information provision.
