ISO 38500

The ISO/IEC 38500:2008 Corporate governance of information technology standard provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations use of IT.

ISO/IEC 38500:2008 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations.

This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. It is organized into three prime sections, specifically, Scope, Framework and Guidance

ISO/IEC 38500:2008 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.

The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance of IT:

  • Responsibility;
  • Strategy;
  • Acquisition;
  • Performance;
  • Conformance;
  • Human behaviour.

It also provides guidance to those advising, informing, or assisting directors.


The Model
Directors should govern IT through three main tasks:

1. Evaluate the current and future use of IT.

2. Direct preparation and implementation of plans and policies to ensure that the use of IT meets business objectives.

3. Monitor conformance to policies and performance against the plans.

The standard sets out six principles for good corporate governance of IT. The principles express preferred behavior to guide decision making. The statement of each principle refers to what should happen, but does not prescribe how, when or by whom the principles would be implemented; these aspects are dependent on the nature of the organization implementing the principles. It is similar to a capability maturity model description of an ideal state.



We are offering accredited certificate with Right accreditation Board for ISO 38500 globally.