ISO/IEC 38500


ISO 38500 

1 Title/current version of ISO 38500 books
ISO/IEC 38500:2008 Corporate governance of information
technology

2 The basics of ISO 38500 books
ISO/IEC 38500:2008 provides guiding principles for directors
of organizations (including owners, board members, directors,
partners, senior executives, or similar) on the effective, efficient,
and acceptable use of IT within their organizations.

3 ISO 38500 books Summary
ISO/IEC 38500:2008 is owned by the International Standards
Organization (ISO) and the International Electrotechnical
Commission (IEC). The standard helps to clarify IT governance
from the top down. It describes IT governance as the means
through which directors can demonstrate to all stakeholders and
compliance bodies their effective stewardship over IT resources,
by ensuring that an appropriate governance and security framework
exists for all IT activities. That framework follows from covering
the principles below.

The principles are:
• Responsibility – employees know their responsibilities both
in terms of demand and supply of IT and have the authority to
meet them
• Strategy – business strategies should be aligned with IT
possibilities, and all IT within an organization should support
the business strategies
• Acquisition – all IT investments must be made on the basis
of a business case with regular monitoring in place to assess
whether the assumptions still hold
• Performance – the performance of IT systems should lead to
business benefits and therefore it is necessary that IT supports
the business effectively
• Conformance – IT systems should help to ensure that business
processes comply with legislation and regulations; IT itself
must also comply with legal requirements and agreed internal
rules
• Human behavior – IT policies, practices and decisions respect
human behavior and acknowledge the needs of all the people
in the process

The standard consists of three parts: Scope, Framework and
Guidance.

4 Target audience of ISO 38500 books
Senior managers; members of groups monitoring the resources
within the organization; external business or technical specialists,
such as legal or accounting specialists, retail associations,
or professional bodies; vendors of hardware, software,
communications and other IT products; internal and external
service providers (including consultants); IT auditors.

5 ISO 38500 books scope and constraints
ISO/IEC 38500:2008 applies to the governance of management
processes (and decisions) relating to the information and
communication services used by an organization. These
processes could be controlled by IT specialists within the
organization, or external service providers, or by business units
within the organization. The standard is applicable to all types of
private, public and not-for-profit organizations, independent of
their size and form and regardless of the extent of their use of IT.

Strengths
The primary advantage of the ISO/IEC 38500:2008 IT
governance framework is that it ensures accountability is clearly
assigned for all IT risks and activities. This specifically includes
assigning and monitoring IT security responsibilities, strategies
and behaviors so that appropriate measures and mechanisms
are established for reporting on and responding to the current
and planned use of IT – for example, meeting the latest data
protection requirements for encryption of all portable devices
such as laptops and memory sticks used to store and transmit
personal data.

Constraints
• Outsourcing: some requirements are so specific to the
managers of IT that they cannot be imposed on the managers
of the company if their IT is outsourced. In cases such as
these, requirements will need to be secured in the contract
with the supplier of IT services
• Applying the standard in isolation: ISO 38500 is not ‘one size
fits all’. It does not replace COBIT, ITIL, or other standards
or frameworks, but, rather, it complements them by providing
a demand-side-of-IT-use focus

6 Relevant website of ISO 38500 books
www.iso.org
