
ISO 38500 - IT Governance Standard

ISO/IEC 38500:2008, Corporate governance of information technology, provides a framework for effective governance of IT to assist those at the highest level of organisations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organisations’ use of IT. 

ISO/IEC 38500 is applicable to organisations of all sizes, including public and private companies, government entities, and not-for-profit organisations. This standard provides guiding principles for directors of organisations on the effective, efficient, and acceptable use of Information Technology (IT) within their organisations.


Because inadequate information technology systems can hinder the performance and competitiveness of organisations or expose them to the risk of not complying with legislation, the new ISO/IEC 38500 standard provides broad guidance on the role of top management in relation to the corporate governance of IT.

The standard will assist directors in assuring conformance with obligations – regulatory, legislation, common law, contractual – concerning the acceptable use of IT, and in establishing proper corporate governance of IT.


The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance of IT:

  • Responsibility;
  • Strategy;
  • Acquisition;
  • Performance;
  • Conformance;
  • Human behaviour.


This standard is targeted at the board of an organisation, to assist the board in delivering the maximum value from IT and information assets across the organisation. It also provides guidance to those advising, informing, or assisting directors. They include:

  • Senior managers;
  • Members of groups monitoring the resources within the organisation;
  • External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies;
  • Vendors of hardware, software, communications and other IT products;
  • Internal and external service providers (including consultants);
  • IT auditors.


ISO/IEC 38500:2008, Corporate governance of information technology, was developed by the joint technical committee ISO/IEC JTC1, Information technology, subcommittee SC 7, Software and systems engineering. It is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat through the ISO Store.

Source: International Organization for Standardization (ISO)   



QAP © 2010 | advice[at] | audit[at]