iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 38500:2015

(Main)

Information technology — Governance of IT for the organization

Information technology — Governance of IT for the organization

ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations. It also provides guidance to those advising, informing, or assisting governing bodies. They include the following: executive managers; members of groups monitoring the resources within the organization; external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; internal and external service providers (including consultants); auditors. ISO/IEC 38500:2015 applies to the governance of the organization's current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization. ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance. ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT. The purpose of ISO/IEC 38500:20015 is to promote effective, efficient, and acceptable use of IT in all organizations by: assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization's governance of IT, informing and guiding governing bodies in governing the use of IT in their organization, and establishing a vocabulary for the governance of IT.

Technologies de l'information — Gouvernance des technologies de l'information pour l'entreprise

General Information

Status
Withdrawn
Publication Date
10-Feb-2015
ICS
35.020 - Information technology (IT) in general
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Current Stage
9599 - Withdrawal of International Standard
Completion Date
23-Feb-2024
Ref Project

Relations

Revised
ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization
Effective Date
06-Jun-2022
Revises
ISO/IEC 38500:2008 - Corporate governance of information technology
Effective Date
29-Sep-2012

Buy Standard

ISO/IEC 38500:2015 - Information technology -- Governance of IT for the organizationISO/IEC 38500:2015 - Information technology -- Governance of IT for the organization
PreviousNext
Standard
ISO/IEC 38500:2015 - Information technology -- Governance of IT for the organization
English language
12 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 38500
Second edition
2015-02-15
Information technology — Governance
of IT for the organization
Technologies de l’information — Gouvernance des technologies de
l’information pour l’entreprise
Reference number
ISO/IEC 38500:2015(E)
©
ISO/IEC 2015

---------------------- Page: 1 ----------------------
ISO/IEC 38500:2015(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2015 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 38500:2015(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Terms and definitions . 1
3 Benefits of Good Governance of IT . 4
4 Principles and Model for Good Governance of IT . 5
4.1 Principles . 5
4.2 Model . 6
5 Guidance for the Governance of IT . 8
5.1 General . 8
5.2 Principle 1: Responsibility . 8
5.3 Principle 2: Strategy . 8
5.4 Principle 3: Acquisition . 9
5.5 Principle 4: Performance. 9
5.6 Principle 5: Conformance .10
5.7 Principle 6: Human Behaviour .10
Bibliography .12
© ISO/IEC 2015 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 38500:2015(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of Inte
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 30105-2:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

ISO/IEC 30105-2:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process assessment model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33004; - supports the performance assessment by providing indicators for the interpretation of the process purposes and outcomes, as defined in ISO/IEC 24774, and the process attributes, as defined in ISO/IEC 33020. A process assessment model consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. Supersets and subsets that are appropriate to the context and scope of the assessment should be selected. The process assessment model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented assessment process, for the ITES-BPO lifecycle processes, for risk determination or process improvement.

  • Standard
    115 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

ISO/IEC 30105-3:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a measurement framework for processes and provide an organization maturity model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004; - supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels.

  • Standard
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidelines

ISO/IEC 30105-5:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - provides guidance on application of the process assessment model, how to strategically leverage the assessment and to use it in the context of an improvement programme or risk assessment for an ITES-BPO service provider organization.

  • Standard
    37 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

ISO/IEC 30105-1:2016 specifies the lifecycle process requirements performed by the IT-enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT-enabled business processes that are outsourced; - is not intended to address IT processes but includes references to them at key touchpoints for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process reference model for organizations providing ITES-BPO services.

  • Standard
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 38501:2015(Main)
Information technology — Governance of IT — Implementation guide

ISO/IEC TS 38501:2015 provides guidance on how to implement arrangements for effective governance of IT within an organization.

  • Technical specification
    15 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-2:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

ISO/IEC 30105-2:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process assessment model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33004; - supports the performance assessment by providing indicators for the interpretation of the process purposes and outcomes, as defined in ISO/IEC 24774, and the process attributes, as defined in ISO/IEC 33020. A process assessment model consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. Supersets and subsets that are appropriate to the context and scope of the assessment should be selected. The process assessment model in this document is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented assessment process, for the ITES-BPO lifecycle processes, for risk determination or process improvement.

  • Standard
    115 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

ISO/IEC 30105-3:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a measurement framework for processes and provide an organization maturity model for organizations providing ITES-BPO services that: - conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004; - supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels.

  • Standard
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidelines

ISO/IEC 30105-5:2016 specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT enabled business processes that are outsourced; - is not intended to cover IT services but includes similar, relevant process for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - provides guidance on application of the process assessment model, how to strategically leverage the assessment and to use it in the context of an improvement programme or risk assessment for an ITES-BPO service provider organization.

  • Standard
    37 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2016(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

ISO/IEC 30105-1:2016 specifies the lifecycle process requirements performed by the IT-enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document: - covers IT-enabled business processes that are outsourced; - is not intended to address IT processes but includes references to them at key touchpoints for completeness; - is applicable to the service provider, not to the customer; - is applicable to all lifecycle processes of ITES-BPO; - serves as a process reference model for organizations providing ITES-BPO services.

  • Standard
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 38501:2015(Main)
Information technology — Governance of IT — Implementation guide

ISO/IEC TS 38501:2015 provides guidance on how to implement arrangements for effective governance of IT within an organization.

  • Technical specification
    15 pages
    English language
    sale 15% off