iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC TS 38501:2015

(Main)

Information technology — Governance of IT — Implementation guide

Information technology — Governance of IT — Implementation guide

ISO/IEC TS 38501:2015 provides guidance on how to implement arrangements for effective governance of IT within an organization.

Technologies de l'information — Gouvernance des technologies de l'information — Guide d'implémentation

General Information

Status
Published
Publication Date
01-Apr-2015
ICS
35.020 - Information technology (IT) in general
35.080 - Software
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Current Stage
9093 - International Standard confirmed
Start Date
10-Jun-2025
Completion Date
14-Jun-2025
Ref Project

Buy Standard

ISO/IEC TS 38501:2015 - Information technology -- Governance of IT -- Implementation guideISO/IEC TS 38501:2015 - Information technology -- Governance of IT -- Implementation guide
PreviousNext
Technical specification
ISO/IEC TS 38501:2015 - Information technology -- Governance of IT -- Implementation guide
English language
15 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


TECHNICAL ISO/IEC TS
SPECIFICATION 38501
First edition
2015-04-01
Information technology — Governance
of IT — Implementation guide
Technologies de l’information — Gouvernance des technologies de
l’information — Guide d’implémentation
Reference number
©
ISO/IEC 2015
© ISO/IEC 2015
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2015 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
1.1 Overview . 1
1.2 Purpose . 1
1.3 Audience . 1
2 Normative references . 1
3 Implementation approach . 1
4 Establish and sustain enabling environment . 2
4.1 Overview . 2
4.2 Ensure internal stakeholder engagement . 2
4.3 Clarify sponsorship and responsibilities . 3
5 Govern IT . 3
5.1 Overview . 3
5.2 Evaluate . 4
5.2.1 Overview . 4
5.2.2 Understand internal environment . . 4
5.2.3 Understand external environment . 4
5.2.4 Identify current state of the use of IT . 5
5.3 Direct . 5
5.3.1 Overview . 5
5.3.2 Define desired state for the use of IT . 5
5.3.3 Initiate change program . 6
5.3.4 Identify governance enabling mechanisms . 6
5.4 Monitor . 7
5.4.1 Overview . 7
5.4.2 Define evidence of success . 8
5.4.3 Establish monitoring system . 8
6 Continual Review . 8
Annex A (informative) Assessment Scheme .10
Annex B (informative) ISO/IEC 38500 principles and assessment criteria .12
Bibliography .15
© ISO/IEC 2015 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the Introduction
and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers
to Trade (TBT), see the following URL: Foreword — Supplementary information.
This committee responsible for this document is ISO/IEC JTC 1, Information Technology, Subcommittee
SC 40, IT Service Maintenance and IT Governance.
iv © ISO/IEC 2015 – All rights reserved

Introduction
Information technology (IT) has become pervasive in supporting and enabling the strategy of
organizations and this prevalence mandates the governance of IT as an organizational imperative.
Organizations have made significant investments in IT to automate business processes and to
communicate and transact electronically with their customers and suppliers. The benefits from
these investments have unfortunately not always materialised and in some instances, organizations
have incurred significant financial and reputational damage as a result of IT failures. This has further
heightened governing body awareness of the need for the governance of IT and of their responsibilities
in this regard.
It might be, however, that some governing bodies are uncertain of what arrangements they need to have
in place for the governance of IT.
This Technical Specification has therefore been developed to provide guidance on the implementation
of governance of IT within organizations. It considers governance, both from the perspective of gaining
assurance that the risks associated with the use of IT are appropriately managed, as well as ensuring
that the organization maximizes the value from its investments in IT.
It expands on the model and principles for good governance of IT, as described in ISO/IEC 38500
and ISO/IEC/TR 38502, and provides guidance on a methodology for implementing principles-based
governance of IT.
© ISO/IEC 2015 – All rights reserved v

TECHNICAL SPECIFICATION ISO/IEC TS 38501:2015(E)
Information technology — Governance of IT —
Implementation guide
1 Scope
1.1 Overview
This Technical Specification provides guidance on how to implement arrangements for effective
governance of IT within an organization.
1.2 Purpose
This Technical Specification identifies the key activities that an organization has to undertake to
implement governance of IT, in accordance with ISO/IEC 38500.
It provides guidance on the design and establishment of the arrangements for the governance of IT,
clarifying roles and responsibilities of key stakeholders within the organization, as well as providing
examples of matters to consider in the design of the governance of IT.
1.3 Audience
This Technical Specification can be used by individuals responsible for governance of IT within an
organization and individuals supporting in the governance of organizations. This Technical Specification
is applicable to organizations of all sizes and types.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 38500, Corporate governance of information technology
ISO/IEC/TR 38502, Information technology — Governance of IT — Framework and model
3 Implementation approach
The implementation of the governance of IT should be based on a cyclic approach considering the model
presented in ISO/IEC 38500, Figure 1. The first cycle of activities involves the establishment of the initial
“implementation” or baseline, with subsequent cycles of the activities being used to support and enhance
the governance of IT implementation by means of continual improvement. The duration of cycles will be
different for each organization, depending on a number of factors including the organization’s size, its
industry, as well as the maturity of the governance of IT in the organization.
The implementation cycle comprises the following main activities which are expanded in the clauses below.
— Establish and sustain enabling environment: Commence by establishing an enabling environment
which ensures that all stakeholders are appropriately identified and made aware of their roles and
responsibilities. Subsequent cycles will ensure that the enabling environment is sustained.
— Govern IT: Progress to the evaluate, direct, and monitor activities to perform the governance of IT.
© ISO/IEC 2015 – All rights reserved 1

— Continual review: Review the governance of IT arrangements to determine whether desired
outcomes are being achieved. If not, recommence the implementation cycle to effect the necessary
changes, thereby ensuring continual improvement of the governance of IT implementation.
Continual Review
Establish and Sustain Enabling
Environment
Source of
Govern IT
Authority
Stakeholder
Engagement
Sponsorship
Stakeholder
&
Regulatory
Expectations
The
Responsibilities Obligations
Governing
Body
Business
Business
Evaluate
Needs
Pressures
Direct Monitor
Managers
Management systems for the use of IT
Figure 1 — Implementation approach (incorporates ISO/IEC 38500)
4 Establish and sustain enabling environment
4.1 Overview
The execution and improvement of the governance of IT implementation activities will generally
require clear leadership and commitment from the governing body and the executive managers of the
organization.
The level of engagement of these stakeholders should be proportionate to the importance of the role of IT to
the organization — bo
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 12176-2:2025(Main)
Plastics pipes and fittings — Equipment for fusion jointing polyethylene systems — Part 2: Electrofusion

This document specifies performance requirements for electrofusion control unit (ECU) for use with polyethylene (PE) electrofusion fittings conforming to ISO 4437-3,[ REF Reference_ref_6 \r \h 1 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0036000000 ]ISO 4427-3[ REF Reference_ref_7 \r \h 2 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0037000000 ] and ISO 15494.[ REF Reference_ref_8 \r \h 3 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0038000000 ] NOTE 1 Electrofusion fittings conforming to other documents, e.g. EN 1555-3[ REF Reference_ref_9 \r \h 4 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000100000005200650066006500720065006E00630065005F007200650066005F0039000000 ] and EN 12201-3,[ REF Reference_ref_10 \r \h 5 08D0C9EA79F9BACE118C8200AA004BA90B0200000008000000110000005200650066006500720065006E00630065005F007200650066005F00310030000000 ] can also be within the scope of this document. The system designed to manage the transfer of data collected during the fusion process is out of the scope of this document. NOTE 2 Data format and retrieval system are specified in ISO 12176-5. NOTE 3 Parameters for the electrofusion cycle are defined in ISO 13950 and ISO 12176-5. Data for traceability purposes are given in ISO 12176-3, ISO 12176-4 and ISO 12176-5. Electrical safety is out of the scope of this document. NOTE 4 The manufacturer of ECU is informed that different safety regulations are in force in different countries or regional area, e.g.: U.S.A., Europe, etc. ECU designed for only one brand of fittings is out of the scope of this document. Excluding any of the requirements specified in this document is not acceptable when an organization claims conformity to this document.

  • Standard
    20 pages
    English language
    sale 15% off
ISO
ISO 3170:2025(Main)
Hydrocarbon Liquids — Manual sampling

This document specifies the manual methods used for obtaining samples of liquid or semi-liquid hydrocarbons, tank residues and deposits from fixed tanks, railcars, road vehicles, ships and barges, drums and cans, or from liquids being pumped in pipelines. It applies to the sampling of liquid products, including crude oils, intermediate products, synthetic hydrocarbons and bio fuels, which are stored at or near atmospheric pressure, or transferred by pipelines as liquids at elevated pressures and temperatures. The sampling procedures specified are not intended for the sampling of special petroleum products which are the subject of other International Standards, such as electrical insulating oils (covered in IEC 60475), liquefied petroleum gases (covered in ISO 4257), liquefied natural gases (covered in ISO 8943) and gaseous natural gases (covered in ISO 10715). This document refers to methods of sampling and sampling equipment in use at the time of writing. It does not exclude the use of new equipment, provided that such equipment enables samples to be obtained according to the requirements and procedures of this document.

  • Standard
    66 pages
    English language
    sale 15% off
  • Standard
    73 pages
    French language
    sale 15% off
ISO
ISO 13503-8:2025(Main)
Oil and gas industries including lower carbon energy — Completion fluids and materials — Part 8: Measurement of properties of coated proppants used in hydraulic fracturing

This document provides test procedures for evaluating coated proppants used in hydraulic fracturing operation. This document provides a consistent methodology for tests performed on coated proppants used in hydraulic fracturing operations.

  • Standard
    28 pages
    English language
    sale 15% off
  • Standard
    30 pages
    French language
    sale 15% off
ISO
ISO 15708-4:2025(Main)
Non-destructive testing — Radiation methods for computed tomography — Part 4: Qualification

This document gives guidance on the qualification of the performance of a computed tomography (CT) system with respect to various testing tasks. This document is applicable only to industrial imaging (i.e. non-medical applications) and provides a consistent set of definitions of CT performance parameters, including the relationship between these performance parameters and CT system specifications. This document is applicable to industrial computed tomography. This document does not apply to other techniques of tomography such as translational tomography and tomosynthesis.

  • Standard
    10 pages
    English language
    sale 15% off
  • Standard
    11 pages
    French language
    sale 15% off
ISO
ISO 11452-1:2025(Main)
Road vehicles — Component test methods for electrical disturbances from narrowband radiated electromagnetic energy — Part 1: General principles and terminology

This document specifies general conditions, defines terms, gives practical guidelines, and establishes the basic principles of the component tests used in the other parts of the ISO 11452 series for determining the immunity of electronic components of passenger cars and commercial vehicles to electrical disturbances from narrowband radiated electromagnetic energy, regardless of the vehicle propulsion system (e.g. spark-ignition engine, diesel engine, electric motor). The electromagnetic disturbances considered are limited to continuous narrowband electromagnetic fields. A wide frequency range (d.c. and 15 Hz to 18 GHz) is allowed for the immunity testing of the components in the ISO 11452 series.

  • Standard
    47 pages
    English language
    sale 15% off
ISO
ISO 12101:2025(Main)
Industrial valves — Measurement, test and qualification procedures for fugitive emissions — Classification system and qualification procedures for type testing of stem seals for valves

This document covers the type testing of valve stem seals using a test fixture that is designed and fully defined to be representative of the performance of a valve using similar geometry. This document is applicable to stem seals for multi-turn, linear and quarter turn valves. It is intended to provide comparative type test results confirming the performance of seal manufacturers’ stem seal designs. This document is not intended to replace type testing of complete valve assemblies or valve production testing. Compliance with this document is not intended to be a mandatory qualification test to be completed for a stem seal design prior to testing a valve to the requirements of ISO 15848-1. Compressible seals with and without live loading, elastomers and pressure energized seals are in the scope of this document. Corrosion tests are not included in this document.

  • Standard
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 18014-1:2008/Amd 1:2025(Amendment)
Information technology — Security techniques — Time-stamping services — Part 1: Framework — Amendment 1
  • Standard
    2 pages
    English language
    sale 15% off
ISO
ISO 10513:2025(Main)
Fasteners — Prevailing torque hexagon nuts — High nuts (all metal), with fine pitch thread

This document specifies the characteristics of prevailing torque (all metal) hexagon high nuts, in steel and stainless steel, with metric fine pitch thread 8 mm to 39 mm, and with product grades A and B. NOTE These nuts are designed with an overall height hmin = mmin (as specified in ISO 898-2 and ISO 8674 for style 2) plus the prevailing torque feature. hmax has been established in function of hmin; therefore, the tolerance (hmax – hmin) does not follow the ISO code system for tolerances (IT system). The wrenching height mw,min corresponds to the values specified for style 1. If in certain cases other specifications are requested, property classes and stainless steel grades can be selected from ISO 898-2 or ISO 3506-2.

  • Standard
    6 pages
    English language
    sale 15% off
  • Standard
    6 pages
    French language
    sale 15% off
ISO
ISO/TR 17716:2025(Main)
Road vehicles — Electrical disturbances from narrowband radiated electromagnetic energy — Radiated immunity for V2X

This document describes the introduction of radiated immunity testing for the components and vehicles equipped with V2X communications. The link communication connection and V2X scenario simulation are considered to make the V2X functions and their communications operate normally during the immunity testing. Examples of monitoring are also discussed to show the electromagnetic interference reactions of the device with V2X under test. In addition, test hints are described to provide information on radiated immunity for V2X. Technical specifications are not within the scope of this document.

  • Technical report
    47 pages
    English language
    sale 15% off
ISO
ISO 19396-2:2025(Main)
Paints and varnishes — Determination of pH value — Part 2: pH sensors with ISFET technology

This document specifies a method for measuring the pH value of dispersions and coating materials using pH sensors with ion-sensitive field-effect transistor (ISFET) technology.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off