The objectives of the ISO 38500 standard are described by the standard itself as:
- Assuring stakeholders that they can have confidence in the organization's corporate governance of IT
- Informing/guiding Directors in governing the use of IT in their organization
- Providing a basis for objective evaluation of the corporate governance of IT
ISO 38500 is also intended to guide those involved in designing and implementing the management system of those policies and processes that support governance.
The ISO/IEC 38500 Corporate governance of information technology standard provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.
ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
It is organized into three prime sections: Scope, Framework, and Guidance.
The framework comprises definitions, principles and a model.
It sets out six principles for good corporate governance of IT:
- Human behavior
It also provides guidance to those advising, informing, or assisting directors.
Performance of the organization
Proper Corporate Governance of IT assists directors to ensure that IT use contributes positively to the performance of the organization, through:
- Appropriate implementation and operation of IT assets
- Clarity of responsibility and accountability for both the use and provision of IT in achieving the goals of the organization
- Business continuity and sustainability
- Alignment of IT with business needs
- Efficient allocation of resources
- Innovation in services, markets, and business
- Good practice in relationships with stakeholders
- Reduction in the costs for an organization
- Actual realization of the approved benefits from each IT investment
INTERNATIONAL STANDARD ISO/IEC 38500