BS ISO/IEC 38500 is the international standard that provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
This standard applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.
The purpose of this standard is to promote effective, efficient, and acceptable use of IT in all organizations by:
- Assuring stakeholders (including consumers, shareholders, and employees) that, if the standard is followed, they can have confidence in the organization’s corporate governance of IT;
- Informing and guiding directors in governing the use of IT in their organization
- Providing a basis for objective evaluation of the corporate governance of IT.
Who would use BS ISO/IEC 38500?
This standard is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. It is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
The standard provides guidance to those advising, informing, or assisting directors, including:
- Senior managers
- Members of groups monitoring the resources within the organization
- External business or technical specialists, such as legal or accounting
- Specialists, retail associations, or professional bodies
- Vendors of hardware, software, communications and other IT products
- Internal and external service providers (including consultants)
- IT auditors.
The standard is also intended to inform and guide those involved in designing and implementing the management system of policies, processes, and structures that support governance.
What are the benefits of using BS ISO/IEC 38500?
This standard establishes principles for the effective, efficient and acceptable use of IT. Ensuring that their organisations follow these principles will assist directors in balancing risks and encouraging opportunities arising from the use of IT.
This standard establishes a model for the governance of IT. The risk of directors not fulfilling their obligations is mitigated by giving due attention to the model in properly applying the principles.
The standard establishes a vocabulary for the Governance of IT.
Contents of BS ISO/IEC 38500 includes:
- Scope
- Application
- Objectives
- Benefits of Using This Standard
- Referenced Documents
- Definitions
- Framework for good corporate governance of IT
- Principles
- Model
- Guidance for the corporate governance of IT
- General
- Responsibility
- Strategy
- Acquisition
- Performance
- Conformance
- Human Behaviour