New ISO/IEC 38500 2nd Edition

ISO/IEC 38500, “Information technology — Governance of IT for the organization,” has just been updated.  The new 2nd Edition is available from Document Center Inc. in paper format, for PDF download, and as part of our multi-user Standards Online service.  The update replaces and cancels the previous 1st Edition from 2008 and is a technical revision.  It is intended for use by those in charge of IT (Information Technology) for organizations, from the Board level to those in charge of managerial oversight.  Auditors will also find it useful.

ISO/IEC 38500 is a high-level, principles-based standard.  It gives you a set of definitions and a model to use when evaluating, directing and monitoring the use of IT within your organization.  Since IT security, connectivity, and other issues are finding their way into the news these days, those tasked with the oversight of IT operations will find this document particularly timely.

What is special about the approach of ISO/IEC 38500?  It is a vehicle for highlighting the business context of IT, allowing technical, financial, and scheduling aspects to then play a supporting role.  It will also help you understand the complex world of legal, ethical and regulatory obligations that affect your company’s use of IT.

How does the standard address the issue?  After the usual scope and definitions clauses, ISO/IEC 38500 provides you with Clause 3 on the benefits of good governance. It then outlines 6 guiding principles that will help you achieve your goals in Clause 4.  They are responsibility, strategy, acquisition, performance, conformance, and human behavior.  Further, this section suggests that you should govern IT through three main tasks.  This model is clearly illustrated in Figure 1.

Now to the heart of the matter.  In Clause 5, the nuts and bolts of how to implement this model are outlined.  Here you’ll receive the guidance you need to put the principles into practice, with specific information given for each of the 6 principles.  A brief 5-item bibliography completes the document.

FYI:  ISO/IEC TR 38502, “Information technology – Governance of IT – Framework and model,” was released last year.  And the ISO/IEC TS 38501, “Information technology — Governance of IT — Implementation guide,” is under development right now.  So there are additional standards to assist you with this area of responsibility.

Certainly the challenges of the fast pace of technological change can be difficult to keep up with.  Just remember, in the end the performance of the IT department and of IT deployment rests firmly at the top.  You cannot ignore the responsibility and you’ll want as many tools as possible to help you manage this aspect of your business.

So, now you realize you need a copy of this new standard.  You can order a copy online at Document Center’s webstore, www.document-center.com.  Or contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’ve been selling standards to folks like you since 1982.  And we have a wide range of supporting services to help you manage your compliance documentation.  Make us your Standards Expert!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
