ISO/IEC TS 38501, “Information technology – Governance of IT – Implementation guide,” has just been released. This technical specification was developed to compliment ISO/IEC 38500 (recently revised) on IT governance for the organization and ISO/IEC TR 38502, the framework and model report. It specifically addresses the issue of implementing an IT governance strategy with the goals of avoiding the risks associated with software and maximizing the value of IT investments.
IT (Information Technology) is being used more widely than ever in automating business processes and for communication (and transactions) between staff, customers and suppliers. Poor implementations, however, can result in damage both in dollar terms and to company reputations. Since in the end these are really management issues, oversight is needed. This is best achieved using IT governance.
You’ll use the ISO/IEC 38500, “Information technology – Governance of IT for the organization,” for the requirements for IT governance. But both the ISO/IEC TS 38501 and the ISO/IEC/TR 38502 provide you with support and guidance to implement those requirements. How will the ISO/IEC/TS 38501 help you?
Let’s look at the structure of the technical specification. First there’s the usual scope and reference documents clauses. Then the publication dives right into the heart of the matter with Clause 3 on your implementation approach. This is a review of the cyclic process model that is best suited to the task: Setting up and maintaining an “enabling” environment, providing the governance itself, and continually reviewing for improvements. The three following Clauses each elaborates on the one of the 3 “legs” of this process. Clause 5 on Govern IT is particularly lengthy and provides in depth guidance to support your efforts. Two informative Annexes provide you with additional information. Annex A covers your assessment scheme for IT and Annex B reviews the ISO/IEC 38500 principles and assessment criteria. The 2-item bibliography completes the document.
Now you’ll need to get copies. Order online at the Document Center Inc. webstore, www.document-center.com. Or contact our staff by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com). Document Center is an authorized dealer for ISO and IEC standards, providing copies in paper format, for pdf download and as part of our multi-user Standards Online subscription service. Make us your Standards Experts!
