Thursday, 18 September 2008

Models, Frameworks, and Best Practices

I have been looking at IT governance and best practice process in particular. There are a considerable number of these models, frameworks, and best practices that are applicable to IT. Some of them seem to overlap but several are different and used for different things.
At first glance it does appear quite frightening as there are so many, thereby creating confusion and conflict.
In my research I have probably only found a few of the total that exist:

• Maturity Models (someone identified over 30 of these)
• ITIL
• ISO
• SOX (Sarbanes-Oxley)
• COBIT
• Government legislation (i.e. Data Protection)

So what do we do about them if anything? Some may be mandatory such as Sarbanes-Oxley depending on your industry and geographical trading areas.

Well, from my point of view I think it is important to have good processes within IT, and we are going down the ITIL route, which seems like it will give us a set of best practice processes across the IT spectrum. It could also eventually lead us to a quality standard such as ISO 9001, which would please the marketing people but may not add much more to our IT governance.

Outside of that it is worth looking at some of the ISO standards, particularly the security one, ISO 27001. Even if compliance is too much, going some way down that route would deliver benefits.

Beyond that you start to get into maturity models, which are all based on 5 levels of maturity, and whilst I can see some benefits in defining where we are against these levels for the various maturity models, I think we will get the others done first and then review.

Be interested in what other people think.

1 comment:

Matt Povey said...

Hi Peter. http://www.itskeptic.org/ is a great resource for anyone looking to take a pragmatic approach to ITIL. There is a recent post there looking at the (increasing) overlap between the various frameworks though I'm damned if I can find it right now.