ISO 38500, New ISO standard for Corporate Governance of Information Technology
ISO/IEC 38500:2008, Corporate governance of information technology, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
The standard will assist directors in assuming conformance with obligations – regularly, legislation, common law, contractual – concerning the acceptable use of IT and to have a proper corporate governance of IT.
The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance of IT:
- Human behaviour.
It also provides guidance to those advising, informing, or assisting directors. They include:
- Senior managers;
- Members of groups monitoring the resources within the organization;
- External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies;
- Vendors of hardware, software, communications and other IT products;
- Internal and external service providers (including consultants);
- IT auditors.
ISO/IEC 38500:2008, Corporate governance of information technology was developed by the joint technical committee ISO/IEC JTC1, information technology, subcommittee SC 7, software and systems engineering. It costs 84 Swiss francs and is available from ISO national member institute