iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 38500:2024

(Main)

Information technology — Governance of IT for the organization

Information technology — Governance of IT for the organization

This document provides guiding principles for members of governing bodies of organizations and those that support them on the effective, efficient and acceptable use of information technology (IT) within their organizations. This document is applicable to: — the governance of the organization’s current, and future, use of IT; — the governance of IT as a domain of governance of organizations. In terms of audience, this document is applicable to: — all organizations, including public and private companies, government entities, and not-for-profit organizations; — organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT.

Technologies de l'information — Gouvernance des technologies de l'information pour l'entreprise

General Information

Status
Published
Publication Date
22-Feb-2024
ICS
35.020 - Information technology (IT) in general
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Current Stage
6060 - International Standard published
Start Date
23-Feb-2024
Due Date
31-Aug-2023
Completion Date
23-Feb-2024
Ref Project

Relations

Revises
ISO/IEC 38500:2015 - Information technology — Governance of IT for the organization
Effective Date
06-Jun-2022
ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024
PreviousNext
Standard
ISO/IEC 38500:2024 - Information technology — Governance of IT for the organization Released:23. 02. 2024
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO/IEC 38500
Third edition
Information technology —
2024-02
Governance of IT for the
organization
Technologies de l'information — Gouvernance des technologies
de l'information pour l'entreprise
Reference number
© ISO/IEC 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
© ISO/IEC 2024 – All rights reserved
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Good governance of IT . 3
4.1 Outcomes of good governance of IT .3
4.1.1 Overview .3
4.1.2 Effective performance .3
4.1.3 Responsible stewardship .4
4.1.4 Ethical behaviour .4
4.2 Principles, model and framework.4
5 Principles for the governance of IT . 5
5.1 Overview .5
5.2 Purpose .6
5.2.1 Principle .6
5.2.2 Governance implications for use of IT .6
5.2.3 Outcomes .7
5.3 Value generation.7
5.3.1 Principle .7
5.3.2 Governance implications for use of IT .7
5.3.3 Outcomes .7
5.4 Strategy .8
5.4.1 Principle .8
5.4.2 Governance implications for use of IT .8
5.4.3 Outcomes .8
5.5 Oversight . .8
5.5.1 Principle .8
5.5.2 Governance implications for use of IT .8
5.5.3 Outcomes .9
5.6 Accountability .9
5.6.1 Principle .9
5.6.2 Governance implications for use of IT .9
5.6.3 Outcomes .10
5.7 Stakeholder engagement .10
5.7.1 Principle .10
5.7.2 Governance implications for use of IT .10
5.7.3 Outcomes .10
5.8 Leadership .11
5.8.1 Principle .11
5.8.2 Governance implications for use of IT .11
5.8.3 Outcomes .11
5.9 Data and decisions .11
5.9.1 Principle .11
5.9.2 Governance implications for use of IT .11
5.9.3 Outcomes . 12
5.10 Risk governance . 12
5.10.1 Principle . 12
5.10.2 Governance implications for use of IT . 12
5.10.3 Outcomes . 13
5.11 Social responsibility . 13
5.11.1 Principle . 13
5.11.2 Governance implications for use of IT . 13

© ISO/IEC 2024 – All rights reserved
iii
5.11.3 Outcomes . 13
5.12 Viability and performance over time. 13
5.12.1 Principle . 13
5.12.2 Governance implications for use of IT .14
5.12.3 Outcomes .14
6 Model for the governance of IT . 14
6.1 Introduction .14
6.2 Governance of IT practice . 15
6.2.1 Engage stakeholders . 15
6.2.2 Evaluate . 15
6.2.3 Direct .16
6.2.4 Monitor .16
6.3 Management of IT practice .16
6.4 Framework for the governance of IT .16
7 Framework for the governance of IT .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 20000-16:2025(Main)
Information technology — Service management — Part 16: Guidance on sustainability within a service management system based on ISO/IEC 20000-1

This document provides guidance for including sustainability within a service management system (SMS) based on the requirements defined in ISO/IEC 20000-1. It is aimed at: — organizations that are intending to implement the requirements of ISO/IEC 20000-1 and directly address sustainability; — organizations that intend to leverage their existing SMS to enable sustainability actions and sustainable delivery; — consultants, trainers and other experts supporting organizations that utilize ISO/IEC 20000-1, so that they can be informed on how to include sustainability actions in an SMS. Sustainability in this context has three interdependent dimensions, which are environmental, social and economic. Annex A expands on the three dimensions with examples of each. The guidance provided in this document aims to help organizations consider and address sustainability objectives as well as challenges related to their services. The complexity and detail surrounding the inclusion of sustainability within an SMS will vary and be dependent on the context of the organization, the scope of the SMS, compliance obligations and the nature of the services within the scope of the SMS. This document is intended to be used in conjunction with ISO/IEC 20000-1 to address sustainability objectives related to specific requirements in ISO/IEC 20000-1. As such, it is anticipated that the user of this document is aware of the requirements in ISO/IEC 20000-1. The suggestions included across clauses in this document will be most effective when applied to an SMS which is implemented according to the corresponding clauses in ISO/IEC 20000-1. Application of this guidance to an SMS according to ISO/IEC 20000-1 is therefore recommended. This document supports and is an addition to the guidance already provided in ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. Organizations can use the guidance in this document to also address the new requirements identified in ISO/IEC 20000-1:2018/Amd 1:2024 and ISO’s objectives to address climate change. The recommendations in this document for improving sustainability within an SMS are not exclusive and can be implemented along with other sustainability initiatives.

  • Technical specification
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC TR 20000-17:2024(Main)
Information technology — Service management — Part 17: Scenarios for the practical application of service management systems based on ISO/IEC 20000-1:2018

This document provides scenarios, explanations and examples for the practical application of service management systems (SMS) based on ISO/IEC 20000-1:2018. These scenarios provide examples of situations in which an SMS can be used and how the requirements of ISO/IEC 20000-1:2018 can be applied. This document can be used with ISO/IEC 20000-1 as well as with ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. This document is aimed at: a) organizations that are intending to implement an SMS based on the requirements of ISO/IEC 20000-1; b) organizations that have already implemented an SMS based on the requirements of ISO/IEC 20000-1; c) consultants, trainers and other experts supporting these organizations. This document does not add to, change or replace any of the requirements in ISO/IEC 20000-1. This document is not intended to be used for a conformity assessment.

  • Technical report
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-2:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

This document specifies the process assessment model (PAM). It contains process definitions of the ITES-BPO lifecycle defined in ISO/IEC 30105-1 and a model suitable for assessing process capability. The outcomes in the PAM are clearly defined, observable results, aligned to the business benefits derived by the customer and service provider. A PAM consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set, nor is it intended to be applicable in its entirety. Supersets and subsets are selected according to the context and the scope of the assessment. The PAM in this document is directed at assessment sponsors and competent assessors who wish to select a model and an associated documented assessment process for the ITES-BPO lifecycle processes, for process capability gap determination.

  • Standard
    135 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

This document specifies a measurement framework (MF) and an organization maturity model (OMM). It provides the overview of how an organization can use the process reference model (PRM) in ISO/IEC 30105-1 and the process assessment model (PAM) in ISO/IEC 30105-2 to measure their capability and maturity levels. It conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004 and supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels. This document is intended to be used in concurrence with the other parts of the ISO/IEC 30105 series and the assessment approach provided by ISO/IEC 33002 for assessing processes.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

The ISO/IEC 30105 series specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document specifies the process reference model (PRM). It contains process definitions across the lifecycle described in terms of process context, purpose and outcomes, together with a framework defining relationships between the processes. The process purpose details the high-level objective of performing the process such that implementation of the process leads to tangible benefits for stakeholders. The process outcomes are clearly defined by observable results and aligned to the business benefits derived by the customer and service provider. This document: — covers IT enabled business processes that are outsourced; — is not intended to address IT processes, but includes references to them at key touchpoints for completeness; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — serves as a PRM for organizations providing ITES-BPO services.

  • Standard
    29 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidance

This document contains the guidance on supporting maturity improvement for service providers. It specifies the provision of assessment results that are repeatable, objective and comparable within similar contexts, and can be used for either process improvement or process capability gap determination. The framework for the conduct of assessments is designed to support the achievement of dependable assessment results. This document provides guidance on the usage of the core parts of the ISO/IEC 30105 series: ISO/IEC 30105-1, ISO/IEC 30105-2 and ISO/IEC 30105-3. This document also introduces the extended parts of the ISO/IEC 30105 series: ISO/IEC TS 30105-6, ISO/IEC TR 30105-7, ISO/IEC 30105-8 and ISO/IEC TS 30105-9.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-15:2024(Main)
Information technology — Service management — Part 15: Guidance on the application of Agile and DevOps principles in a service management system

This document provides guidance on the relationship between ISO/IEC 20000–1:2018 and two commonly used frameworks, Agile and DevOps. It can be used by any organization or person wishing to understand how Agile and DevOps can be used with ISO/IEC 20000–1, including: a) an organization that has demonstrated or intends to demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of Agile or DevOps to establish or improve the SMS and the services; b) an organization that already uses Agile or DevOps and is seeking guidance on how Agile or DevOps can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of Agile or DevOps as a support for achieving the requirements specified in ISO/IEC 20000–1. Both approaches can be used independently or together. Depending on the context, an organization can deploy Agile frameworks only, DevOps frameworks only, use both Agile and DevOps frameworks in isolation, or use an integrated workflow with combined Agile and DevOps approaches. In any of these situations, this document can be used as guidance for the integration of Agile and DevOps practices in an SMS. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1, noting that an organization can only claim conformity by fulfilling all requirements specified in ISO/IEC 20000-1.

  • Technical specification
    34 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 38508:2024(Main)
Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

This document provides guidance for members of governing bodies of organizations on the effective, efficient and acceptable use of a shared digital service platform among ecosystem organizations by: — establishing a vocabulary for the governance of a shared digital service platform among ecosystem organizations; — providing a framework for understanding the implications of the use of a shared digital service platform among ecosystem organizations; — guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service platform, applying the governance principles of ISO/IEC 38500; — assuring stakeholders that, if the guidance proposed by this document is followed, they can have confidence in the organization’s use of shared digital service platform among ecosystem organizations. This document also provides guidance to those advising, informing or assisting governing bodies, including: — executive managers; — members of groups monitoring the resources within the organization; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policy makers; — internal and external service providers (including consultants); — auditors.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC 20000-1:2018/Amd 1:2024(Amendment)
Information technology — Service management — Part 1: Service management system requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO/IEC TS 20000-14:2023(Main)
Information technology — Service management — Part 14: Guidance on the application of Service Integration and Management to ISO/IEC 20000-1

This document provides guidance for organizations that are establishing or improving a service management system (SMS) by incorporating a service integrator. The incorporation of a service integrator is aimed at addressing an environment that includes services sourced from multiple service providers. This document specifically focuses on Service Integration and Management (SIAM) in the context of an SMS. The intended users of this document include: — organizations that need to manage multiple service providers within a new or existing SMS according to SIAM; and — consultants and advisors that support an organization during SMS implementation or improvement, where a SIAM approach is being adopted. NOTE 1 This document is applicable for organizations implementing SIAM in conjunction with SMS. It does not limit organizations or individuals from implementing any other management and governance model for managing multivendor environments along with SMS. This document is not applicable to organizations that have only one service provider. NOTE 2 In SIAM, the term "supplier" is not used. Internal and external suppliers are both referred to as “service providers”. See 4.2 for further comparison of terminology.

  • Technical specification
    30 pages
    English language
    sale 15% off