The Framework is structured around four main domains, namely: 

• Information Technology Governance and Leadership.
• Information Technology Risk Management.
• Information Technology Operations Management.

System Change Management.

For each domain, several subdomains are defined. A subdomain focusses on a specific IT governance topic. Per subdomain, the Framework states a principle and Control Requirements.

• A Principle summarizes the main set of required IT controls related to the subdomain.
• The Control Requirements reflects the mandated IT controls that should be considered.

The framework should be implemented in view of principles mentioned in per subdomains along with its associated Control Requirements.

Control Requirements have been uniquely numbered according to the following numbering system throughout the Framework:

Figure 2 - Control requirements numbering system

The figure below illustrates the overall structure of the Framework and indicates the IT Governance Framework domains and subdomains, including a reference to the applicable section of the Framework.

Figure 3 - Information Technology Governance Framework