Information Systems Governance (ISG) can be defined as a set of rules allowing executives and skateholders to determine how they will decide on the Information System management. The first objective of this paper is to propose a set of meta-rules addressing different aspects of ISG, which are instantiated in each company setting. The second objective is to propose two constrasting models of ISG, which instantiate differently the set of rules. Conventional view of ISG includes hierarchical and centralized control with little flexibility to support rapidly changing organizations. Heterarchical forms are more and more frequently observed in ISG practices (agility, transversality, decentralization...). However, if uncontrolled, heterarchy can lead to the emergence of anarchic phenomena, such as instability, increased conflicts, and waste of resources. Approaching ISG through rules implementation can help controlling heterarchical forms. In the first part of our paper, we describe an ISG as a set of the rules, based on Elinor Ostrom’s work and her IAD (Institutional Analysis and Development) framework. In a second part, we develop each type of rule first according to a hierarchical view, then to a heterarchical one. Beyond theoretical contribution, the proposed set of rules can help CIOs involved in improving ISG. It can also be used to make an organizational analysis of heterarchical practices of a company’s ISG.