There’s a few terms ‘office framework’, ‘IT framework’
That are used to define an overall picture of how a business may run.
You could imagine for example a McDonald’s Hamburger might have different sections.
- Cooking areas
- Food preparation
- Cleanup
- Register area
- Accounting
- Food reordering
- … the list goes on and on
Our maybe a Sears would have
- Salesperson / cashiering
- Janitorial
- Inventory management
- Purchasing
- Accounting
You might consider the processes surrounding these maybe the categories to be a framework.
Usually each of these sections has a number of distinct processes. Like cashiering might have
- Start of the shift
- End of the shift
- Ring up a sale
- Ring up a refund
Maybe purchasing section also has a number of distinct processes or activities
- Using the inventory to figure out what to process.
- Using a purchase requests
- Returning something purchased
- Setting up a new vendor
- Etc.
Some of those sections may interact with other sections.
For example, the business could have an inventory. It may have it’s own set of processes. Likely one process could be the physical inventory. You likely have a list of items that you should have. Maybe there’s a column of the minimum you want to keep. Maybe there’s another column of how many you should have in stock (according to the computer inventory). The physical inventory is where you go and to a count of the parts to make sure the amount you have matches what the computer thinks you have.
The result of this inventory could go to a number of different sections.
- To purchasing so that they can reorder parts.
- To management so they can study ‘why do discrepancies occur?’
You could think that a business consists of many different processes or activities. You might consider that a “framework”.
I think the acknowledged activities and how they work together would be considered a framework.
Many times those activities are articulated, maybe there are actual Processes, documented Procedures, or Policies. (PPP) I don’t think those actual PPP are part of the framework. However the acknowledgement that this you should keep PPP could be part of the business framework.
If you think about starting your own business, you probably don’t think about such things. For example if you start a side business fixing computers for your friends you don’t necessary think through how you process inventory, or consider what to do if you damage something of theirs in the process (Usually, you think about it when the problems come up, then hopefully you think - this is what I do in the future)
As your side business grows, you get a partner, or a helper, and then another. After awhile you start discovering many people don’t want to be a general helper, rather they want to be in charge of (or help with) certain aspects. For example, maybe this person wants to deal with all accounting issues. Maybe later just focusing an ar/ap concerns. As the business grows you start is only natural to find people who will fit the puzzle that is your business. The framework starts to formulate.
But outside of the business, there is the notion of a standardized business framework. There are lots of these ranging from simple diagrams (analyze –> plan –> deploy –> repeat) to these highly developed frameworks like NIST 800.53, or Cobit 5 or ISO 27001. These frameworks are used to manage IT security.
In reality the adoption of these frameworks could be rather hard. There’s understanding the framework in the first place. Then theirs getting things so to confirm to the framework. Then theirs sticking to the framework.
Sometimes the framework just isn’t right for your organization. For example of you wanted to tighten computer security for your 50 person IT department, then maybe the NIST 800.53 set of controls (designed for a federal department) just is not the exact fit. But you can pick and choose, and consolidate it to make it fit your needs.
Business frameworks
- https://robllewellyn.com/business-frameworks/ - good introduction to business frameworks.
IT frameworks (some there are many others)
- Nist controls: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final - provides a list of controls that support the development of secure and resilient federal information systems
- Cobit 5: https://www.isaca.org/resources/cobit/cobit-5?gad_source=1&gclid=CjwKCAiAxqC6BhBcEiwAlXp459vDzlYi81pu32QgsNRT_T1WjzBN5LaXZZpJTqZNNrUXQ0zP_1b-exoCeiYQAvD_BwE - framework for governance and management of enterprise IT.
- Iso 27001 - https://www.itgovernance.co.uk/iso27001#:~:text=ISO%2FIEC%2027001%20is%20the,(information%20security%20management%20system). - international standard for information security management.
Links are provided but it’s important to understand that each is a tip of an iceberg. Most of those IT frameworks are over 800 pages and there are lots of surrounding documents as well.