
The objectives of the ISO 38500 standard are described by the standard itself as:

  1. Assuring stakeholders that they can have confidence in the organization's corporate governance of IT
  2. Informing/guiding Directors in governing the use of IT in their organization
  3. Providing a basis for objective evaluation of the corporate governance of IT

ISO 38500 is also intended to guide those involved in designing and implementing the management system of those policies and processes that support governance.

The ISO/IEC 38500 standard, Corporate governance of information technology, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.

ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.

It is organized into three main sections: Scope, Framework, and Guidance.

The framework comprises definitions, principles and a model.

It sets out six principles for good corporate governance of IT:

  1. Responsibility
  2. Strategy
  3. Acquisition
  4. Performance
  5. Conformance
  6. Human behavior

It also provides guidance to those advising, informing, or assisting directors.

ISO - Performance of the organization

Proper Corporate Governance of IT assists directors to ensure that IT use contributes positively to the performance of the organization, through:

  • Appropriate implementation and operation of IT assets
  • Clarity of responsibility and accountability for both the use and provision of IT in achieving the goals of the organization
  • Business continuity and sustainability
  • Alignment of IT with business needs
  • Efficient allocation of resources
  • Innovation in services, markets, and business
  • Good practice in relationships with stakeholders
  • Reduction in the costs for an organization
  • Actual realization of the approved benefits from each IT investment

