Foundations of Information Systems

1.2 Frameworks of Knowledge and Industry Standards

Learning Objectives

By the end of this section, you will be able to:

  • Discuss the use of frameworks and industry standards in IS
  • Identify the frameworks and standards in IS
  • Correlate the frameworks and standards to knowledge as an IS professional
  • Discuss characteristics and roles of IS professionals

To promote best practices and help organizations achieve information systems goals and objectives, the field of information systems (IS) is guided by frameworks and industry standards. A framework refers to a tangible, structured set of guidelines and best practices that is used to guide the process of developing, implementing, managing, or maintaining a business process, policy, system, or procedure, such as an information system. An industry standard is a policy, procedure, or requirement widely used and supported in an industry to promote efficiency and quality in goods and services.

Frameworks and industry standards can help IS professionals develop and maintain robust systems that enable organizations to function effectively and competitively. In addition, a framework can enable an information system to function in everyday life. For example, a fitness app can help you set fitness goals, establish an exercise plan, and track food and nutrient intake. It may provide access to free information and suggestions from athletes, fitness trainers, and experts in wellness. Similarly, an organization can use information systems to support decision-making and set goals for any function, including financial management, human resources, and marketing. Once an organization establishes its goals, it can use information systems to develop a plan of action to achieve those goals and then use them to carry out its plans, track progress, and achieve success in the marketplace.

Use of Frameworks and Industry Standards in Information Systems

When developing an information system, frameworks provide guidance to help IS professionals apply critical thinking as they identify the goals of the system and problems that can be resolved by the system. Frameworks promote proactive communication and help IS professionals organize their ideas and provide a foundation for strategic planning to develop and maintain a system that meets an organization’s specific needs. As part of this process, frameworks also provide IS professionals with resources such as continuing education, best practices, and guidelines for systems operations.

Industry standards help IS professionals ensure that the system they develop has the appropriate infrastructure and technological components required to function efficiently. This includes ensuring the system is compatible with information systems used in other organizations. After all, an important objective of IS is to enable information sharing internally and externally as organizations interact in the marketplace.

Specific Frameworks and Standards in Information Systems

Starting with the most commonly used frameworks, those applicable to IS include Agile, Control Objectives for Information and Related Technologies (COBIT), Information Technology Infrastructure Library (ITIL), the Skills Framework for the Information Age (SFIA), Waterfall, and Zachman.

Agile methodology is a framework used to guide project management, primarily by dividing projects into phases, or sprints. Typically, these sprints include planning, designing, developing, testing, deploying, and reviewing. After each sprint, the project team examines their progress and adjusts before moving to the next sprint. Agile can be a useful framework as IS professionals plan and develop an information system. Several versions of Agile frameworks are used for project management, including Kanban, Lean, and Scrum.

Control Objectives for Information and Related Technologies (COBIT) is a framework that develops and maintains an information system using five processes: Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess (MEA) (Figure 1.6). COBIT is promoted by the Information Systems Audit and Control Association (ISACA), which is a global organization that provides training, research information, news updates, advocacy, and related support for IS professionals and others involved in information technology.

COBIT Framework: Governance (Business needs to Evaluate to Direct) to Management (Plan (APO) to Build (BAI) to RUN (DSS) to Monitor (MEA)) back to Governance (Monitor to Evaluate) and start over.
Figure 1.6 COBIT’s framework provides IS professionals with five processes—Evaluate, Direct, and Monitor (EDM); Align, Plan, and Organize (APO); Build, Acquire, and Implement (BAI); Deliver, Service, and Support (DSS); and Monitor, Evaluate, and Assess (MEA)—that can help develop and maintain an information system. (credit: modification of work from Introduction to Computer Science. attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

Information Technology Infrastructure Library (ITIL) is a comprehensive framework of documentation that discusses best practices for managing information technology. ITIL is managed and updated by AXELOS, a company that provides training and certifications to various technology professionals, including those in IS. ITIL offers guidance, as well as professional certification, for carrying out twenty-six processes in the areas of service strategy, design, transition, operation, and improvement.

The McKinsey 7-S Framework focuses on how an organization can be efficient and effective through the interaction and coordination of its staff, structure, strategy, skills, systems, style, and shared values. The seven elements are:

  • Staff: the people who lead and work in an organization, as well as the tools to support the staff, including training and incentive programs
  • Structure: how an organization is designed, including its hierarchy and chain of command
  • Strategy: the organization’s goals/objectives and the plans to achieve these
  • Skills: the skills, knowledge, and competencies held by the organization’s staff
  • Systems: the workflow processes used to achieve the organization’s goals and objectives
  • Style: the tone at the executive level established by the organization’s leaders and managers
  • Shared values: the organization’s mission and values that motivate its operations

The McKinsey 7-S Framework can be used by following four steps:

  1. Identify the parts of the organization that are not aligned with shared values, including a shared mission, goals, and objectives.
  2. Determine the design and structure that will enable the organization to achieve alignment and reach its goals and objectives.
  3. Identify areas where changes are needed to update the organizational design.
  4. Implement the necessary changes.

This framework can help ensure organizations are in alignment and have an effective design, making it easier to develop and maintain the appropriate information systems to meet the organization’s needs.

The Skills Framework for the Information Age (SFIA) provides a comprehensive skills and competency framework in a common language for the IT industry. It includes the steps listed in Figure 1.7. It was developed and is overseen by the SFIA Foundation, a global organization committed to helping IS and other technology professionals acquire the skills and competencies needed to successfully develop and manage technology. Organizations around the world in both the public and private sectors use SFIA to map out the knowledge and expertise needed to fill each role in their organizations. This includes entry-level to advanced positions in the areas of technology development, strategy, architecture, and support.

SFIA steps: 1. Plan/Organize (establish roles/workforce); 2. Acquire (recruit people); 3. Deploy (assign tasks); 4. Assess (review skills/job performance); 5. Analyze (identify gaps/improvement opportunities); 6. Develop (provide/develop opportunities); 7. Reward (provide incentives).
Figure 1.7 SFIA can be an important framework as organizations develop the skills needed to manage technology. This includes planning and organizing, acquisition, deployment, assessment, analysis, and development. It is also important that organizations reward employees and recognize their success. (attribution: Copyright Rice University, OpenStax, under CC BY 4.0 license)

Individually, IS professionals use SFIA to identify the skills they personally need to develop to perform their jobs and advance their careers. SFIA is structured to help organizations and individuals achieve success in the following seven levels of responsibility:

  • Level 1, Follow: This level applies to entry-level positions that are closely supervised, perform routine tasks, rely on basic tools, and have minimal influence on the work environment, essentially following others as they perform their jobs.
  • Level 2, Assist: These employees also work under close supervision, but their work is a bit more complex, and they have more influence with colleagues.
  • Level 3, Apply: At this level, employees receive more general supervision, and they have more autonomy. Their work is more complex and may not be routine. They also may be allowed to make some decisions on their own and may oversee other employees.
  • Level 4, Enable: Employees at this level have much more complex work in a broader range of contexts. While they receive general direction, they have considerable autonomy, as well as personal responsibility for work outcomes.
  • Level 5, Ensure and Advise: At this level, employees receive broad direction, giving them more autonomy, including the ability to self-initiate work that they think should be performed. Their tasks tend to be complex and are an integral part of an organization’s strategic plans.
  • Level 6, Initiate and Influence: Employees who initiate and influence play a central role in establishing an organization’s objectives and assigning responsibilities to subordinates. These employees perform highly complex tasks and make decisions that directly impact an organization’s performance and achievement of organizational goals and objectives.
  • Level 7, Set Strategy, Inspire, and Mobilize: The final and highest level is filled by an organization’s top leaders and managers. These individuals establish an organization’s policy objectives and have oversight and accountability for all decisions made and actions taken throughout the organization.

SFIA is an important framework used globally to promote success in the digital world. Its common language helps technology professionals across the globe integrate the processes they must learn to successfully manage technology.

Waterfall is a structured, linear framework used to guide project management. Generally, the steps of Waterfall include compiling documentation of the project requirements, using logical design to brainstorm how to approach the project, developing the physical design, implementing the design plan, verifying and testing the design, and maintaining the design once it is in use. While Waterfall tends to focus on computer programming and coding, the framework can be applied to IS.

The Zachman Framework provides a structure for developing and organizing the artifacts of enterprise architecture, including data and documents, which are vital for a robust information system. Using a 6 × 6 matrix, the Zachman Framework asks the following six questions to identify the needs and perspectives of stakeholders in a particular system:

  • What? seeks to understand the data needed for the system by learning about the organization’s data, objects, and information.
  • How? seeks to understand the organization’s processes and functions.
  • Where? seeks to learn where the organization operates.
  • Who? seeks to learn who the organizational members are, as well as gather details about the organization’s units and hierarchy.
  • When? seeks to learn the organization’s schedule of operations, including when processes are performed.
  • Why? seeks to learn why the organization has selected certain systems and solutions for its enterprise risk management and information systems. This question also seeks to determine what motivates the organization to perform certain functions.

As shown in Figure 1.8, these questions are posed across the top of Zachman’s 6 × 6 matrix. On the left side of the matrix, the rows list the organization’s stakeholders. To understand the system needs, the stakeholders’ perspectives are entered into the appropriate cells in the matrix. The Zachman Framework can be an important tool to understand what an organization’s information systems should entail and develop the appropriate enterprise architecture to support that system.

Zachman Framework Table. Columns: What (Data), How (Function), When (Time), Who (People), Where (Location), Why (Motivation). Rows: Scope (Contextual), Enterprise Model (Conceptual), System Model (Logical), Technology Model (Physical), Implementation (Detail), Functioning Enterprise.
Figure 1.8 The Zachman Framework provides a structure for developing and organizing the artifacts of enterprise architecture. By asking what, how, where, who, when, and why, the Zachman Framework can help IS developers understand an organization’s needs from the perspective of an organization’s various stakeholders, including executives, managers, and technicians. (credit: modification of work “Zachman Framework (9026775815)” by National Institute of Standards and Technology/Wikimedia Commons, Public Domain)

The industry standards that are applicable in IS include the American Society for Industrial Security (ASIS), the Federal Information Security Modernization Act (FISMA), IS2020, ISO/IEC 27001, and the Open Group Architecture Framework (TOGAF).

The American Society for Industrial Security (ASIS) is a global organization that provides training and certification to help professionals in all industries provide security for people, property, and information. ASIS collaborates with public and private organizations throughout the world, such as the Department of Homeland Security and the Federal Bureau of Investigation, to ensure that IS professionals and others involved in security have the resources needed to successfully handle security issues at every stage of their careers.

IS professionals who work for government agencies or private businesses that contract with the government should be familiar with the Federal Information Security Modernization Act (FISMA), which sets the guidelines and standards for security that affected organizations are required to meet to minimize the possibility that data will be stolen, lost, or misused. Under FISMA, affected organizations must have a security strategy that addresses issues such as system access control, risk assessment and management, information integrity, audit and accountability, incident response, and staff’s continuing education.

IS2020 is a competency model that provides guidance and standards to higher education institutions to ensure that undergraduate IS programs effectively prepare students for careers in IS. Developed by an international task force of members of the Association for Computing Machinery (ACM) and Association for Information Systems (AIS), IS2020 outlines the curriculum that should be offered to IS students and the competencies that students should develop as they complete the curriculum. This includes the knowledge, skills, and dispositions that students need for successful careers in IS, as well as the tasks that students should learn to perform.

ISO/IEC 27001 is a worldwide standard established by the International Organization for Standardization that defines the requirements information systems must satisfy to provide adequate security for any system. ISO/IEC 27001 applies to all sizes and types of organizations in both the public and private sectors. The standard focuses on cybercrime but helps organizations guard against any threats to data availability, integrity, and confidentiality.

The Open Group Architecture Framework (TOGAF) is a trademarked standard in its tenth edition that promotes best practices for IS and other technology. TOGAF is used by organizations throughout the world in both the public and private sectors to support requirements management for enterprise architecture. The areas covered by TOGAF include architecture vision, business architecture, information systems architectures, technology architecture, opportunities and solutions, migration planning, implementation governance, and architecture change management.

Application of the Frameworks and Standards

IS professionals should rely on the frameworks and standards applicable to their organization and specific role to guide their work. This helps ensure that the work meets the organization’s needs, while also following standards important for maintaining IS compatibility with other organizations.

It is also beneficial to join one or more professional organizations such as the Association for Information Systems (https://aisnet.org/), International Association for Computer Information Systems (https://www.iacis.org/), or Information Systems Audit and Control Association (https://www.isaca.org/). Such organizations provide members with important resources, including training, as well as news and updates about events and changes important to IS professionals. Joining such organizations and taking advantage of learning opportunities helps ensure that you obtain the appropriate continuing education to stay abreast of changes and new requirements in the field of IS. In addition, members of such organizations gain access to colleagues around the world who can become an important networking resource for information sharing and collaboration.

Global Connections

A Symbiotic Relationship: IS and Globalization

Information systems have allowed companies to increase their business operations globally. As more organizations develop an international presence, these systems become a vital tool to promote and sustain organizational successes in the global marketplace. To be effective, IS professionals must understand globalization and how it relates to IS. Organizations such as the Association for Information Systems (AIS), Association for Computing Machinery (ACM), and Information Systems Audit and Control Association (ISACA) can provide information to stay abreast of the developments and opportunities (such as careers and networking with IS professionals) related to the theory and practice of IS in the global environment. Establishing and maintaining global connections provides IS professionals with invaluable resources to accomplish IS goals.

Characteristics and Roles of Information Systems Professionals

People working in IS may be involved with new technologies applicable to information systems, how information systems are used globally, and the ethical requirements necessary to ensure a system is managed securely with integrity. IS professionals hold a variety of important roles and responsibilities in an organization. These include the following:

  • A chief information officer (CIO) establishes and maintains an organization’s overall information systems. The CIO’s responsibilities include ensuring that the systems comply with legal requirements and that others involved in an organization’s information systems do their jobs competently.
  • Data information systems management manages the people, technology, and procedures needed to convert data into information. This includes cleaning, extracting, integrating, categorizing, labeling, and organizing data.
  • Database management develops procedures to organize, manipulate, and retrieve data that are stored on computer databases.
  • Systems analysis, design, and development examines an organization’s system needs, and designs and develops a system to meet those needs.
  • IS security risk management manages the risks that threaten an organization’s information system.
  • Enterprise security, data privacy, and risk management focuses on threats, such as data breaches, cyberattacks, and risks to data privacy, that can compromise an organization’s data and information systems.
  • Cloud computing focuses on how an organization uses information systems in the cloud for purposes such as storing and processing data.
  • Data analytics and modeling transforms raw data into useful information and analyzes that data to provide information useful in organizational decision-making and other operations.
  • IS project management uses the project management steps of initiation, planning, execution, monitoring, control, and closure to handle IS projects.

In addition to the benefit of working in a role aligned with an individual’s experience and interest, IS positions tend to pay competitive salaries, and the field’s outlook remains promising.

Ethics in IS

Ethics as Integral to IS

Any IS professional will likely have to manage sensitive data, and mishandling it can negatively impact the operations of organizations, as well as the lives of individuals. Cybersecurity is a priority because, worldwide, hackers are constantly working to find organizations with vulnerable systems that can be exploited for financial gain and other criminal uses. IS professionals must understand IS risks and practice ethical behavior to manage those risks. Keep in mind that every part of IS must be managed with an ethical mindset, understanding its importance and recognizing that IS professionals have an obligation to do everything they can to help safeguard data.

Citation/Attribution

This book may not be used in the training of large language models or otherwise be ingested into large language models or generative AI offerings without OpenStax's permission.

Want to cite, share, or modify this book? This book uses the Creative Commons Attribution-NonCommercial-ShareAlike License and you must attribute OpenStax.

Attribution information
  • If you are redistributing all or part of this book in a print format, then you must include on every physical page the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
  • If you are redistributing all or part of this book in a digital format, then you must include on every digital page view the following attribution:
    Access for free at https://openstax.org/books/foundations-information-systems/pages/1-introduction
© Mar 11, 2025 OpenStax. Textbook content produced by OpenStax is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike License . The OpenStax name, OpenStax logo, OpenStax book covers, OpenStax CNX name, and OpenStax CNX logo are not subject to the Creative Commons license and may not be reproduced without the prior and express written consent of Rice University.