What is ISO/IEC 38500?
ISO/IEC 38500 is the international standard for the corporate governance of information technology, and provides guidance to those advising, informing or assisting directors on the effective and acceptable use of information technology (IT) within the organisation.
Assure your stakeholders your IT governance capabilities.
Get your copy of ISO/IEC 38500 today >>
About ISO/IEC 38500
ISO/IEC 38500 applies to the governance of management processes and decisions relating to an organisation’s information and communication services.
It defines six principles:
- Establish responsibilities
- Plan to best support the organisation
- Make acquisitions for valid reasons
- Ensure necessary levels of performance
- Ensure conformance with rules
- Ensure respect for human factors
This Standard originated from an existing Australian standard, AS8015. ISO/IEC 29382, Corporate Governance of Information and Communication Technology, was first published early in 2007 and was officially re-named ISO/IEC 38500 in 2008.
Implementing ISO/IEC 38500
Although ISO/IEC 38500 is a short and straightforward international standard, actual implementation of an IT governance framework can be challenging. The Calder-Moir IT Governance Framework evolved alongside the international standard as a conceptual approach to help organisations visualise effective IT governance, drawing on and integrating the wide range of IT management tools and systems that exist in the world today.