ISO/IEC 38500:2008 is owned by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC). The standard helps to clarify IT governance from the top down by describing it as the means through which directors can demonstrate to all stakeholders and compliance bodies their effective stewardship over IT resources by ensuring that an appropriate governance and security framework exists for all IT activities as a result of covering the following principles.
The principles are:
• Responsibility – employees know their responsibilities both in terms of demand and supply of IT and have the authority to meet them
• Strategy – business strategies should be aligned with IT possibilities, and all IT within an organization should support the business strategies
• Acquisition – all IT investments must be made on the basis of a business case with regular monitoring in place to assess whether the assumptions still hold
• Performance – the performance of IT systems should lead to business benefits and therefore it is necessary that IT supports the business effectively
• Conformance – IT systems should help to ensure that business processes comply with legislation and regulations; IT itself must also comply with legal requirements and agreed internal rules
• Human behavior – IT policies, practices and decisions respect human behavior and acknowledge the needs of all the people in the process
The standard consists of three parts: Scope, Framework and Guidance.
There are no products matching the selectionThis is a custom CMS block displayed if category is empty.
You can replace it with any custom content.