University of Twente Student Theses


The start of IT Governance in a Dutch Academic Medical Centre.

Teerenstra, G.H.G. (2016) The start of IT Governance in a Dutch Academic Medical Centre.

[img] PDF
Abstract:The most commonly accepted definition of IT governance is: “IT Governance represents the framework for decision rights and accountabilities to encourage desirable behaviour of IT”. In the industrial domain it is widely accepted that IT Governance directly influences the benefits generated by organisational IT investment, in healthcare this is not the case. Specific challenges to the healthcare domain arise due to the diversified organisational structures and the autonomy of the healthcare professionals. Top down implementation is impossible and with the autonomy of the healthcare professional at risk, stakeholder management is extremely important in the healthcare domain. A ‘big bang’ approach would not work in the Radboudumc. Since everyone and everything has to earn its place it is important to prove something before implementing everything and thereby changing everything. IT governance could be started in a small area. Information security is well-suited, as the Radboudumc is to some extent familiar with the ISO 27001 standard. Furthermore, one of the major aspects in terms of support for IT Governance and the IT Governance framework is how well it is known. ISO 27001 has gained a lot of publicity during the last years. Documentaries, news items and newspapers have written about information security, and the lack thereof, in hospitals multiple times during 2016. Furthermore, ISO 27001 can aid research at the Radboudumc directly. More often than not subsidies (grants) for research contain a specific criterion that states that the academic medical centre (or other body conducting the research) has to be ISO 27001 certified, to ensure information security is up to standard. Another advantage of starting small is the opportunity to measure success on these subjects and showcase these successes to increase support for IT Governance. The following three principles should be leading for the Radboudumc: • Our employees work autonomously. Making sure that the autonomous professionals at the Radboudumc are not hindered but rather supported is key if we want IT Governance to be successful at the Radboudumc. • Measure twice, cut once. Since one has to earn its place in the Radboudumc and recognising and accepting authority of governance bodies is not a given at the Radboudumc doing the right things and measuring success is vital. • Communication is everything. Communication among stakeholders to make sure the correct people are seated at the IT Governance table. And the communication of IT Governance initiatives and successes. Due to the nature of the Radboudumc and the extreme importance of stakeholder management we recommend the following implementation sequence of IT Governance: • chapter 6 of ISO 27001; organisation of information security • implementing chapters 5 until 15 of ISO 27001 and evaluate what has been achieved after twelve months.
Item Type:Essay (Master)
Radboudumc, Nijmegen, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science, 85 business administration, organizational science, 88 social and public administration
Programme:Business Information Technology MSc (60025)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page