iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 38500:2024

(Main)

Information technology — Governance of IT for the organization

Information technology — Governance of IT for the organization

This document provides guiding principles for members of governing bodies of organizations and those that support them on the effective, efficient and acceptable use of information technology (IT) within their organizations. This document is applicable to: — the governance of the organization’s current, and future, use of IT; — the governance of IT as a domain of governance of organizations. In terms of audience, this document is applicable to: — all organizations, including public and private companies, government entities, and not-for-profit organizations; — organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT.

Technologies de l'information — Gouvernance des technologies de l'information pour l'entreprise

General Information

Status
Published
Publication Date
22-Feb-2024
ICS
35.020 - Information technology (IT) in general
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Current Stage
6060 - International Standard published
Start Date
23-Feb-2024
Due Date
31-Aug-2023
Completion Date
23-Feb-2024
Ref Project

Relations

Revises
ISO/IEC 38500:2015 - Information technology — Governance of IT for the organization
Effective Date
06-Jun-2022

Buy Standard

ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024
PreviousNext
Standard
ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023
PreviousNext
Draft
ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview
REDLINE ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023REDLINE ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023
PreviousNext
Draft
REDLINE ISO/IEC 38500 - Information technology — Governance of IT for the organization Released:14. 06. 2023
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

International
Standard
ISO/IEC 38500
Third edition
Information technology —
2024-02
Governance of IT for the
organization
Technologies de l'information — Gouvernance des technologies
de l'information pour l'entreprise
Reference number
ISO/IEC 38500:2024(en) © ISO/IEC 2024

---------------------- Page: 1 ----------------------
ISO/IEC 38500:2024(en)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

© ISO/IEC 2024 – All rights reserved
ii

---------------------- Page: 2 ----------------------
ISO/IEC 38500:2024(en)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Good governance of IT . 3
4.1 Outcomes of good governance of IT .3
4.1.1 Overview .3
4.1.2 Effective performance .3
4.1.3 Responsible stewardship .4
4.1.4 Ethical behaviour .4
4.2 Principles, model and framework.4
5 Principles for the governance of IT . 5
5.1 Overview .5
5.2 Purpose .6
5.2.1 Principle .6
5.2.2 Governance implications for use of IT .6
5.2.3 Outcomes .7
5.3 Value generation.
...

FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
38500
ISO/IEC JTC 1/SC 40
Information technology — Governance
Secretariat: SA
of IT for the organization
Voting begins on:
2023-06-28
Technologies de l'information — Gouvernance des technologies de
l'information pour l'entreprise
Voting terminates on:
2023-08-23
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/IEC FDIS 38500:2023(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 1 ----------------------
ISO/IEC FDIS 38500:2023(E)
FINAL
INTERNATIONAL ISO/IEC
DRAFT
STANDARD FDIS
38500
ISO/IEC JTC 1/SC 40
Information technology — Governance
Secretariat: SA
of IT for the organization
Voting begins on:
Technologies de l'information — Gouvernance des technologies de
l'information pour l'entreprise
Voting terminates on:
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
RECIPIENTS OF THIS DRAFT ARE INVITED TO
ISO copyright office
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
CP 401 • Ch. de Blandonnet 8
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
CH-1214 Vernier, Geneva
DOCUMENTATION.
Phone: +41 22 749 01 11
IN ADDITION TO THEIR EVALUATION AS
Reference number
Email: copyright@iso.org
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC FDIS 38500:2023(E)
Website: www.iso.org
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
Published in Switzerland
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
ii
  © ISO/IEC 2023 – All rights reserved
NATIONAL REGULATIONS. © ISO/IEC 2023

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 38500:2023(E)
Contents Page
Foreword .v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Good governance of IT .2
4.1 Outcomes of good governance of IT . 2
4.1.1 Overview . 2
4.1.2 Effective performance . 3
4.1.3 Responsible stewardship . 3
4.1.4 Ethical behaviour . 4
4.2 Principles, model and framework.
...

ISO/IEC DIS FDIS 38500:2022(E)
Date: 2022-12-19
ISO/IEC JTC 1/SC 40/WG 1
Secretariat: SA
Date: 2023-06-13
Information technology — Governance of IT for the organization
Secretariat: SA

---------------------- Page: 1 ----------------------
Technologies de l'information — Gouvernance des technologies de l'information pour l'entreprise
FDIS stage

---------------------- Page: 2 ----------------------
ISO/IEC FDIS 38500:2023(E)
© ISO 2022/IEC 2023
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this
publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical,
including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can
be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
EmailE-mail: copyright@iso.org
Website: www.iso.orgwww.iso.org
Published in Switzerland
© ISO/IEC 2023 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC FDIS 38500:2023(E)
Contents
Foreword . viii
Introduction . x
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Good governance of IT . 3
4.1 Outcomes of good governance of IT . 3
4.1.1 Overview . 3
4.1.2 Effective performance . 3
4.1.3 Responsible stewardship . 4
4.1.4 Ethical behaviour . 4
4.2 Principles, model and framework . 5
5 Principles for the governance of IT . 5
5.1 Overview . 5
5.2 Purpose . 7
5.2.1 Principle . 7
5.2.2 Governance implications for use of IT . 7
5.2.3 Outcomes . 7
5.3 Value generation . 8
5.3.1 Principle . 8
5.3.2 Governance implications for use of IT .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 38508:2024(Main)
Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

This document provides guidance for members of governing bodies of organizations on the effective, efficient and acceptable use of a shared digital service platform among ecosystem organizations by: — establishing a vocabulary for the governance of a shared digital service platform among ecosystem organizations; — providing a framework for understanding the implications of the use of a shared digital service platform among ecosystem organizations; — guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service platform, applying the governance principles of ISO/IEC 38500; — assuring stakeholders that, if the guidance proposed by this document is followed, they can have confidence in the organization’s use of shared digital service platform among ecosystem organizations. This document also provides guidance to those advising, informing or assisting governing bodies, including: — executive managers; — members of groups monitoring the resources within the organization; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policy makers; — internal and external service providers (including consultants); — auditors.

  • Technical specification
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
  • Draft
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC 20000-1:2018/Amd 1:2024(Amendment)
Information technology — Service management — Part 1: Service management system requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO/IEC TS 20000-14:2023(Main)
Information technology — Service management — Part 14: Guidance on the application of Service Integration and Management to ISO/IEC 20000-1

This document provides guidance for organizations that are establishing or improving a service management system (SMS) by incorporating a service integrator. The incorporation of a service integrator is aimed at addressing an environment that includes services sourced from multiple service providers. This document specifically focuses on Service Integration and Management (SIAM) in the context of an SMS. The intended users of this document include: — organizations that need to manage multiple service providers within a new or existing SMS according to SIAM; and — consultants and advisors that support an organization during SMS implementation or improvement, where a SIAM approach is being adopted. NOTE 1 This document is applicable for organizations implementing SIAM in conjunction with SMS. It does not limit organizations or individuals from implementing any other management and governance model for managing multivendor environments along with SMS. This document is not applicable to organizations that have only one service provider. NOTE 2 In SIAM, the term "supplier" is not used. Internal and external suppliers are both referred to as “service providers”. See 4.2 for further comparison of terminology.

  • Technical specification
    30 pages
    English language
    sale 15% off
  • Draft
    29 pages
    English language
    sale 15% off
  • Draft
    29 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 30105-9:2023(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 9: Guidelines on extending process capability assessment for digital transformation

This document specifies the essentials of digital transformations and illustrates the key drivers for enhancing the digital transformation capabilities of the organization, while taking account of different stakeholders’ interests. It describes elements that ITES-BPO organizations can include specifically for digital transformation when implementing the lifecycle processes in the ISO/IEC 30105 series, and which can assist the organization in achieving their desired process capability levels, hereafter "maturity levels", as defined by the stakeholders. It provides guidance on process capability assessment for digital transformation for ITES-BPO organizations. Additionally, this document: — covers IT enabled business processes that are outsourced; — is not intended to address the maturity and capability of the IT processes that support ITES-BPO, but identifies the IT capabilities needed to support the achievement of specific ITES-BPO capabilities; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — provides guidelines to supplement the ISO/IEC 30105-2 process assessment model, enabling assessment of process capability of ITES-BPO organizations undergoing digital transformation.

  • Technical specification
    20 pages
    English language
    sale 15% off
  • Draft
    20 pages
    English language
    sale 15% off
  • Draft
    20 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-8:2022(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 8: Continual performance improvement (CPI) of ITES-BPO

This document specifies a continual performance improvement (CPI) methodology and its major elements, which extend the already-defined continual improvement process (TEN8) in ISO/IEC 30105-1. This document helps ITES-BPO service providers to improve their performance by assessing service delivery. This document does not define technologies and tools for implementing the CPI methodology.

  • Standard
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-4:2022(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 4: Key concepts

The ISO/IEC 30105 series specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: — covers IT enabled business processes that are outsourced; — is not intended to cover IT services but includes similar, relevant process for completeness; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — details the lifecycle of ITES-BPO and the relationship between ISO/IEC 30105-1, ISO/IEC 30105-2, ISO/IEC 30105-3, ISO/IEC 30105-5 and other relevant International Standards.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC 38503:2022(Main)
Information technology — Governance of IT — Assessment of the governance of IT

This document provides guidance on the assessment of governance of information technology (IT) based on the principles, definitions and model for the governance of IT outlined in ISO/IEC 38500 and ISO/IEC TR 38502 and the implementation considerations outlined in ISO/IEC TS 38501. This document includes approaches for conducting the assessment, the criteria against which the assessment can be made, guidance on the evidence that can be used for the assessment, as well as a method for determining the maturity of the organization’s governance of IT. This document is applicable to organizations of all sizes, regardless of the extent of their use of IT.

  • Standard
    24 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-5:2022(Main)
Information technology — Service management — Part 5: Implementation guidance for ISO/IEC 20000-1

This document provides guidance for organizations on how to implement a service management system (SMS). Organizations can use this document to implement the entire SMS in order to conform to the requirements specified in ISO/IEC 20000-1, or parts of an SMS for a selected subset of requirements. This document illustrates a generic plan to manage implementation activities for an SMS. The intended users of this document are: a) organizations that require support on how to implement an SMS; b) consultants and advisors who support an organization during SMS implementation. This document can be used together with the other parts of ISO/IEC 20000 series.

  • Technical specification
    33 pages
    English language
    sale 15% off
  • Draft
    33 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 38505-3:2021(Main)
Information technology — Governance of data — Part 3: Guidelines for data classification

This document provides essential guidance for members of governing bodies of organizations and management on the use of data classification as a means to support the organization’s overall data governance policy and associated systems. It sets out important factors to be considered in developing and deploying a data classification system.

  • Technical specification
    17 pages
    English language
    sale 15% off
  • Draft
    17 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 30105-6:2021(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 6: Guidelines on risk management

This document provides guidance on risk management practices for the IT enabled services-business process outsourcing (ITES-BPO) service provider for the outsourced business processes. It provides guidance for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and improving the risk management framework for the ITES-BPO services. This document: — covers IT enabled business processes that are outsourced; — is applicable to the service provider; — is applicable to all lifecycle processes of ITES-BPO; — is not intended to cover IT services. The guidelines in this document align to ISO 31000, elaborating the risk principles, risk management framework and risk management process from an ITES-BPO perspective.

  • Technical specification
    18 pages
    English language
    sale 15% off