ISO/IEC 38500:2015 Information technology — Governance of IT for the organization.
The objective of this International Standard is to provide principles, definitions, and a model for governing bodies to use when evaluating, directing, and monitoring the use of information technology (IT) in their organizations.
This International Standard is a high level, principles-based advisory standard. In addition to providing broad guidance on the role of a governing body, it encourages organizations to use appropriate standards to underpin their governance of IT.
Most organizations use IT as a fundamental business tool and few can function effectively without it. IT is also a significant factor in the future business plans of many organizations.
Expenditure on IT can represent a significant proportion of an organization’s expenditure of financial and human resources. However, a return on this investment is often not realized fully and the adverse effects on organizations can be significant.
The main reasons for these negative outcomes are the emphasis on the technical, financial, and scheduling aspects of IT activities rather than emphasis on the whole business context of use of IT.
This International Standard provides principles, definitions, and a model for good governance of IT, to assist those at the highest level of organizations to understand and fulfil their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.
ISO/IEC 38500:2015 applies to the governance of the organization’s current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.
ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.
ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
4 Principles and Model for Good Governance of IT
4.1 Principles
This clause sets out six principles for good governance of IT. The principles express preferred behaviour to guide decision making. The statement of each principle refers to what should happen, but does not prescribe how, when or by whom the principles would be implemented – as these aspects are dependent on the nature of the organization implementing the principles. Governing bodies should require that these principles are applied.
Principle 1: Responsibility
Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. Those with responsibility for actions also have the authority to perform those actions.
Principle 2: Strategy
The organization’s business strategy takes into account the current and future capabilities of IT; the plans for the use of IT satisfy the current and on-going needs of the organization’s business strategy.

