<![CDATA[SmartCo, a digital infrastructure provider, faces IoT governance challenges (security, privacy, regulation) despite leveraging IoT for digital transformation. To address this, this research proposes an ambidextrous IoT governance framework that balances exploration (innovation and adaptation) and exploitation (efficiency of existing resources). The framework integrates COBIT 2019 with agile DevOps practices to optimize IT resource value and performance. Employing the Design Science Research (DSR) methodology an approach in Information Systems that provides structured guidance for designing, evaluating, and validating technological solutions, the study assessed the current governance environment, identified design factors, and prioritized Governance and Management Objectives (GMOs). Data were collected through semi-structured interviews with key stakeholders, guided by structured questions, and validated using internal documents in iterative analysis cycles until saturation was reached. DSS05 (Managed Security Services) emerged as the most critical domain. In COBIT 2019, DSS05 includes coordination and execution of IT operational procedures, such as SOPs and monitoring. The governance capability was found at level 3. Gaps included the lack of IoT unit test documentation with a security focus and unclear responsibilities of Testing and Release Managers. Recommendations include defining clearer responsibilities to the testing and release manager roles and mandating security-based unit testing before release. These improvements are projected to raise the DSS05 maturity level from 3.71 to 3.85. This study contributes by offering a tailored IoT governance solution for SmartCo and demonstrating the practical use of ambidextrous COBIT 2019 to manage innovation in dynamic technology environments.]]>
