ISO/IEC 38500 - the international standard for IT governance

What is ISO/IEC 38500?

ISO 38500 (also known by its full title of ISO/IEC 38500:2008 – Information Technology – Governance of IT for the organization) is the international standard for the corporate governance of IT, providing guidance on the effective and acceptable use of information and communication technologies in an organization.

Contents of ISO 38500

ISO/IEC 38500 defines six principles:






Human behavior

ISO 38500 sets out guiding principles for directors on ensuring effective, efficient, and acceptable use of IT within their organizations so that they can understand and fulfil their legal, ethical, and regulatory requirements.

It applies to the governance of management processes and decisions relating to the information and communication services used by an organization. These processes could be controlled by IT specialists, external service providers, or business units.

Who is ISO 38500 for?

ISO 38500 is suitable for any organization, whatever its size, sector, or location. It is primarily targeted at directors of all kinds (including owners, board members, directors, partners, and senior executives) and those who advise, inform, or assist directors. It is suitable not only for those directly responsible for IT, but also for associated members of staff such as IT managers; IT staff and business unit managers; members of groups monitoring resources; external business or technical specialists (such as legal or accounting specialists, retail associations, or professional bodies); vendors of hardware, software, communications, and other IT products; internal and external service providers (including consultants); and IT auditors.

Although ISO 38500 is a relatively straightforward international standard, actual implementation of an IT governance framework can be challenging. The Calder-Moir IT Governance Framework evolved alongside ISO 38500 as a conceptual approach to help organizations visualize effective IT governance, drawing on and integrating the wide range of IT management tools and systems that exist in the world today.

The effectiveness of the Calder-Moir Framework as a unifying approach to IT governance and management is exemplified by the Calder-Moir IT Governance Framework Toolkit, which provides practical, detailed tools and guidance for implementing IT governance based on ISO 38500.

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT provides practical guidance on how to implement an IT governance framework based on ISO 38500.

Further ISO 38500 resources

The IT Governance ISO 38500 web store carries a wide range of helpful resources, including standards, books, and toolkits. We recommend the following:

ISO 38500: The IT Governance Standard

Purchase copies of the ISO 38500 international standard in either hardcopy or PDF format.

ISO/IEC 38500: The IT governance standard

This essential pocket guide will help you to understand both the Standard and the complex area of IT governance.

Calder-Moir IT Governance Framework Toolkit

This time-saving toolkit will provide you with all the resources you require to implement an IT governance framework that complies with ISO 38500 – totaling more than 1600 pages of templated policies, procedures, and documentation.

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

This book aims to:

  1. Set out for managers, executives, and IT professionals the practical steps necessary to meet today’s corporate and IT governance requirements.
  2. Provide practical guidance on how board executives and IT professionals can navigate and deploy to best corporate and commercial advantage the numerous IT management and IT governance frameworks and standards available.
