iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 38505-1:2017

(Main)

Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data

Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data

ISO/IEC 38505-1:2017 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of data within their organizations by - applying the governance principles and model of ISO/IEC 38500 to the governance of data, - assuring stakeholders that, if the principles and practices proposed by this document are followed, they can have confidence in the organization's governance of data, - informing and guiding governing bodies in the use and protection of data in their organization, and - establishing a vocabulary for the governance of data. ISO/IEC 38505-1:2017 can also provide guidance to a wider community, including: - executive managers, - external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies, - internal and external service providers (including consultants), and - auditors. While this document looks at the governance of data and its use within an organization, guidance on the implementation arrangement for the effective governance of IT in general is found in ISO/IEC/TS 38501. The constructs in ISO/IEC/TS 38501 can help to identify internal and external factors relating to the governance of IT and help to define beneficial outcomes and identify evidence of success. ISO/IEC 38505-1:2017 applies to the governance of the current and future use of data that is created, collected, stored or controlled by IT systems, and impacts the management processes and decisions relating to data. ISO/IEC 38505-1:2017 defines the governance of data as a subset or domain of the governance of IT, which itself is a subset or domain of organizational, or in the case of a corporation, corporate governance. ISO/IEC 38505-1:2017 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This document is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their dependence on data.

Technologies de l'information — Gouvernance des technologies de l'information — Gouvernance des données — Partie 1: Application de l'ISO/IEC 38500 à la gouvernance des données

General Information

Status
Published
Publication Date
30-Mar-2017
ICS
35.020 - Information technology (IT) in general
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40/WG 1 - Governance of InformationTechnology
Current Stage
9092 - International Standard to be revised
Start Date
09-Jun-2023
Completion Date
19-Apr-2025
Ref Project
ISO/IEC 38505-1:2017 - Information technology -- Governance of IT -- Governance of dataISO/IEC 38505-1:2017 - Information technology -- Governance of IT -- Governance of data
PreviousNext
Standard
ISO/IEC 38505-1:2017 - Information technology -- Governance of IT -- Governance of data
English language
20 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 38505-1
First edition
2017-04
Information technology — Governance
of IT — Governance of data —
Part 1:
Application of ISO/IEC 38500 to the
governance of data
Technologies de l’information — Gouvernance des technologies de
l’information — Gouvernance des données —
Partie 1: Application de l’ISO/IEC 38500 à la gouvernance des données
Reference number
©
ISO/IEC 2017
© ISO/IEC 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2017 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 2
4 Good governance of data . 4
4.1 Benefits of good governance of data . 4
4.2 Responsibilities of the governing body . 5
4.3 Governing body and oversight mechanisms. 5
5 Principles, model and aspects for good governance of data . 5
6 Data accountability . 6
6.1 General . 6
6.2 Collect . 7
6.3 Store . 8
6.4 Report . 8
6.5 Decide . 9
6.6 Distribute . 9
6.7 Dispose .10
7 Guidance for the governance of data — Principles .10
7.1 General .10
7.2 Principle 1 — Responsibility .10
7.3 Principle 2 — Strategy .11
7.4 Principle 3 — Acquisition .11
7.5 Principle 4 — Performance .11
7.6 Principle 5 — Conformance .11
7.7 Principle 6 — Human behaviour .12
8 Guidance for the governance of data — Model .12
8.1 Applying the model .12
8.2 Internal requirements .13
8.3 External pressures .13
8.4 Evaluate .13
8.5 Direct .14
8.6 Monitor .14
9 Guidance for the governance of data — Data-specific aspects .15
9.1 General .15
9.2 Value .15
9.2.1 General.15
9.2.2 Quality .15
9.2.3 Timeliness.16
9.2.4 Context .16
9.2.5 Volume .16
9.3 Risk .16
9.3.1 General.16
9.3.2 Management .16
9.3.3 Data classification schemes .17
9.3.4 Security .17
9.4 Constraints .17
9.4.1 General.17
9.4.2 Regulation and legislation .17
9.4.3 Societal .17
9.4.4 Organizational policy .18
© ISO/IEC 2017 – All rights reserved iii

10 Application of the data accountability map .18
Bibliography .20
iv © ISO/IEC 2017 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the
Technical Barriers to Trade (TBT) see the following URL: www . i so .org/ iso/ foreword .html.
This document was prepared by Technical Committee ISO/IEC/JTC 1, Information technology,
Subcommittee SC 40, IT Service Management and IT Governance.
© ISO/IEC 2017 – All rights reserved v

Introduction
The objective of this document is to provide principles, definitions and a model for governing bodies to
use when evaluating, directing and monitoring the handling and use of data in their organizations.
This document is a high level, principles-based advisory standard. In addition to providing broad
guidance on the role of a governing body, it encourages organizations to use appropriate standards to
underpin their governance of data.
All organizations use data, and the major proportion of this data is stored electronically across IT
systems. With the advent of cloud computing, the realization of the potential of the “internet of things”
and the increasing use of “big data” analytics, data is becoming easier to generate, gather, store and
mine for use
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 20000-16:2025(Main)
Information technology — Service management — Part 16: Guidance on sustainability within a service management system based on ISO/IEC 20000-1

This document provides guidance for including sustainability within a service management system (SMS) based on the requirements defined in ISO/IEC 20000-1. It is aimed at: — organizations that are intending to implement the requirements of ISO/IEC 20000-1 and directly address sustainability; — organizations that intend to leverage their existing SMS to enable sustainability actions and sustainable delivery; — consultants, trainers and other experts supporting organizations that utilize ISO/IEC 20000-1, so that they can be informed on how to include sustainability actions in an SMS. Sustainability in this context has three interdependent dimensions, which are environmental, social and economic. Annex A expands on the three dimensions with examples of each. The guidance provided in this document aims to help organizations consider and address sustainability objectives as well as challenges related to their services. The complexity and detail surrounding the inclusion of sustainability within an SMS will vary and be dependent on the context of the organization, the scope of the SMS, compliance obligations and the nature of the services within the scope of the SMS. This document is intended to be used in conjunction with ISO/IEC 20000-1 to address sustainability objectives related to specific requirements in ISO/IEC 20000-1. As such, it is anticipated that the user of this document is aware of the requirements in ISO/IEC 20000-1. The suggestions included across clauses in this document will be most effective when applied to an SMS which is implemented according to the corresponding clauses in ISO/IEC 20000-1. Application of this guidance to an SMS according to ISO/IEC 20000-1 is therefore recommended. This document supports and is an addition to the guidance already provided in ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. Organizations can use the guidance in this document to also address the new requirements identified in ISO/IEC 20000-1:2018/Amd 1:2024 and ISO’s objectives to address climate change. The recommendations in this document for improving sustainability within an SMS are not exclusive and can be implemented along with other sustainability initiatives.

  • Technical specification
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 20000-17:2024(Main)
Information technology — Service management — Part 17: Scenarios for the practical application of service management systems based on ISO/IEC 20000-1:2018

This document provides scenarios, explanations and examples for the practical application of service management systems (SMS) based on ISO/IEC 20000-1:2018. These scenarios provide examples of situations in which an SMS can be used and how the requirements of ISO/IEC 20000-1:2018 can be applied. This document can be used with ISO/IEC 20000-1 as well as with ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. This document is aimed at: a) organizations that are intending to implement an SMS based on the requirements of ISO/IEC 20000-1; b) organizations that have already implemented an SMS based on the requirements of ISO/IEC 20000-1; c) consultants, trainers and other experts supporting these organizations. This document does not add to, change or replace any of the requirements in ISO/IEC 20000-1. This document is not intended to be used for a conformity assessment.

  • Technical report
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-2:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

This document specifies the process assessment model (PAM). It contains process definitions of the ITES-BPO lifecycle defined in ISO/IEC 30105-1 and a model suitable for assessing process capability. The outcomes in the PAM are clearly defined, observable results, aligned to the business benefits derived by the customer and service provider. A PAM consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set, nor is it intended to be applicable in its entirety. Supersets and subsets are selected according to the context and the scope of the assessment. The PAM in this document is directed at assessment sponsors and competent assessors who wish to select a model and an associated documented assessment process for the ITES-BPO lifecycle processes, for process capability gap determination.

  • Standard
    135 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

This document specifies a measurement framework (MF) and an organization maturity model (OMM). It provides the overview of how an organization can use the process reference model (PRM) in ISO/IEC 30105-1 and the process assessment model (PAM) in ISO/IEC 30105-2 to measure their capability and maturity levels. It conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004 and supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels. This document is intended to be used in concurrence with the other parts of the ISO/IEC 30105 series and the assessment approach provided by ISO/IEC 33002 for assessing processes.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

The ISO/IEC 30105 series specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document specifies the process reference model (PRM). It contains process definitions across the lifecycle described in terms of process context, purpose and outcomes, together with a framework defining relationships between the processes. The process purpose details the high-level objective of performing the process such that implementation of the process leads to tangible benefits for stakeholders. The process outcomes are clearly defined by observable results and aligned to the business benefits derived by the customer and service provider. This document: — covers IT enabled business processes that are outsourced; — is not intended to address IT processes, but includes references to them at key touchpoints for completeness; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — serves as a PRM for organizations providing ITES-BPO services.

  • Standard
    29 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidance

This document contains the guidance on supporting maturity improvement for service providers. It specifies the provision of assessment results that are repeatable, objective and comparable within similar contexts, and can be used for either process improvement or process capability gap determination. The framework for the conduct of assessments is designed to support the achievement of dependable assessment results. This document provides guidance on the usage of the core parts of the ISO/IEC 30105 series: ISO/IEC 30105-1, ISO/IEC 30105-2 and ISO/IEC 30105-3. This document also introduces the extended parts of the ISO/IEC 30105 series: ISO/IEC TS 30105-6, ISO/IEC TR 30105-7, ISO/IEC 30105-8 and ISO/IEC TS 30105-9.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-15:2024(Main)
Information technology — Service management — Part 15: Guidance on the application of Agile and DevOps principles in a service management system

This document provides guidance on the relationship between ISO/IEC 20000–1:2018 and two commonly used frameworks, Agile and DevOps. It can be used by any organization or person wishing to understand how Agile and DevOps can be used with ISO/IEC 20000–1, including: a) an organization that has demonstrated or intends to demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of Agile or DevOps to establish or improve the SMS and the services; b) an organization that already uses Agile or DevOps and is seeking guidance on how Agile or DevOps can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of Agile or DevOps as a support for achieving the requirements specified in ISO/IEC 20000–1. Both approaches can be used independently or together. Depending on the context, an organization can deploy Agile frameworks only, DevOps frameworks only, use both Agile and DevOps frameworks in isolation, or use an integrated workflow with combined Agile and DevOps approaches. In any of these situations, this document can be used as guidance for the integration of Agile and DevOps practices in an SMS. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1, noting that an organization can only claim conformity by fulfilling all requirements specified in ISO/IEC 20000-1.

  • Technical specification
    34 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 38508:2024(Main)
Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

This document provides guidance for members of governing bodies of organizations on the effective, efficient and acceptable use of a shared digital service platform among ecosystem organizations by: — establishing a vocabulary for the governance of a shared digital service platform among ecosystem organizations; — providing a framework for understanding the implications of the use of a shared digital service platform among ecosystem organizations; — guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service platform, applying the governance principles of ISO/IEC 38500; — assuring stakeholders that, if the guidance proposed by this document is followed, they can have confidence in the organization’s use of shared digital service platform among ecosystem organizations. This document also provides guidance to those advising, informing or assisting governing bodies, including: — executive managers; — members of groups monitoring the resources within the organization; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policy makers; — internal and external service providers (including consultants); — auditors.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC 20000-1:2018/Amd 1:2024(Amendment)
Information technology — Service management — Part 1: Service management system requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO/IEC 38500:2024(Main)
Information technology — Governance of IT for the organization

This document provides guiding principles for members of governing bodies of organizations and those that support them on the effective, efficient and acceptable use of information technology (IT) within their organizations. This document is applicable to: — the governance of the organization’s current, and future, use of IT; — the governance of IT as a domain of governance of organizations. In terms of audience, this document is applicable to: — all organizations, including public and private companies, government entities, and not-for-profit organizations; — organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT.

  • Standard
    21 pages
    English language
    sale 15% off