ISO/IEC 38500 - the international standard for IT governance
What is ISO/IEC 38500?
ISO 38500 (also known by its full title of ISO/IEC 38500:2008 – Information Technology – Governance of IT for the organization) is the international standard for the corporate governance of IT, providing guidance on the effective and acceptable use of information and communication technologies in an organization.
Contents of ISO 38500
ISO 38500 sets out guiding principles for directors on ensuring effective, efficient, and acceptable use of IT within their organizations so that they can understand and fulfil their legal, ethical, and regulatory requirements.
It applies to the governance of management processes and decisions relating to the information and communication services used by an organization. These processes could be controlled by IT specialists, external service providers, or business units.
ISO/IEC 38500 defines six principles:
Who is ISO 38500 for?
ISO 38500 is suitable for any organization, whatever its size, sector, or location. It is primarily targeted at directors of all kinds (including owners, board members, directors, partners, and senior executives) and those who advise, inform, or assist directors.
It is also suitable not only for those directly responsible for IT, but for associate members of staff such as IT managers; IT staff and business unit managers; members of groups monitoring resources; external business or technical specialists (such as legal or accounting specialists, retail associations, or professional bodies); vendors of hardware, software, communications, and other IT products; internal and external service providers (including consultants); and IT auditors.
Implementing ISO 38500
Although ISO 38500 is a relatively straightforward international standard, actual implementation of an IT governance framework can be challenging.
The Calder-Moir IT Governance Framework evolved alongside ISO 38500 as a conceptual approach to help organizations visualize effective IT governance, drawing on and integrating the wide range of IT management tools and systems that exist in the world today.
The effectiveness of the Calder-Moir Framework as a unifying approach to IT governance and management is exemplified by the Calder-Moir IT Governance Framework Toolkit, which provides practical, detailed tools and guidance for implementing IT governance based on ISO 38500.
Further ISO 38500 resources
IT Governance ISO 38500 web store carries a wide range of helpful resources, including standards, books, and toolkits.
We recommend the following:
ISO 38500 is the first international standard for IT governance, and provides an efficient and effective framework for IT governance, leading to better alignment of IT with organisational decisions.
The standard is avalaible in either hardcopy, or PDF format.
This useful pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two.
The guide also offers advice on how to set up and implement the IT governance framework.
Establishing an IT governance framework will involve many individuals taking ownership of different documents, roles, and procedures.
Designed by experienced consultants, the Calder-Moir IT Governance Framework Toolkit contains a set of document templates and implementation resources that will save you time and money as you implement an IT governance framework based on the international Standard ISO38500.
A practical introduction to complex world of IT Governance frameworks and standards for board executives and IT professionals.
This book will help you to understand how manage those frameworks in line with ISO38500 with the help of the Calder–Moir model.
Speak to an expert
For more information on our CISM products and services, speak to one of our experts today.