BS ISO/IEC 38500:2008 - Corporate governance of information technology – BSI British Standards

BS ISO/IEC 38500:2008

Corporate governance of information technology

Status : Revised, Superseded, Withdrawn   Published : June 2008 Replaced By : BS ISO/IEC 38500:2015

*To ask about withdrawn titles contact the
Customer Relations, +44 345 086 9001

What is BS ISO/IEC 38500:2008?

BS ISO/IEC 38500:2008 gives practical guidelines to help directors of organizations and enterprises to use Information Technology – such as computer hardware and software – effectively in their business. This standard applies to the governance of all management processes that relate to information and communication technology services in organizations. By providing best practice recommendations, BS ISO/IEC 38500 helps to inform and guide employers and personnel responsible for the design and implementation of management systems, including governance policies, processes and supporting structures.

How does it work?

BS ISO/IEC 38500:2008 sets out the principles to use Information Technology effectively and acceptably. By following these guidelines, directors can balance risks more efficiently, while making the most of new opportunities. This standard presents a framework for good corporate governance of information technology. Other topics include responsibility, strategy, acquisition, performance and conformity.

Download sample page

Who should buy it?

  • Senior managers
  • Members of groups monitoring the resources within organizations
  • External business or technical specialists, such as legal or accounting
  • Specialists, retail associations or professional bodies
  • Vendors of hardware, software, communications and other IT products
  • Internal and external service providers (including consultants)
  • IT auditors

Why BSI?

We are global, we’re independent and we’re a trusted service provider to 80,000 businesses. We operate in 147 countries and are the number one certification body in the UK and US. We created 85% of our portfolio because we know standards and we know your business. We’re leaders and we can make you one too.  


Standard NumberBS ISO/IEC 38500:2008
TitleCorporate governance of information technology
StatusRevised, Superseded, Withdrawn
Publication Date30 June 2008
Withdrawn Date28 February 2015
Normative References(Required to achieve compliance to this standard)No other standards are normatively referenced
Informative References(Provided for Information)No other standards are informatively referenced
Replaced ByBS ISO/IEC 38500:2015
International RelationshipsISO/IEC 38500:2008
Draft Superseded By07/30162048 DC
DescriptorsCommunication technology, Risk assessment, Management, Conformity, Data processing, Employers, Personnel, Enterprises, Computer hardware, Computer software, Performance, Organizations
Title in FrenchGouvernance des technologies de l'information par l'entreprise
Title in GermanInformationstechnik. Software und System-Engineering. Unternehmensführung in der Informationstechnik
ISBN978 0 580 58381 0
File Size752 KB

*To ask about withdrawn titles contact the
Customer Relations, +44 345 086 9001
 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version


Access, view and download standards with multiple user access, across multiple sites with BSOL

Worldwide Standards
We can source any standard from anywhere in the world

Customers who bought this product also bought

  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS 7799-3:2006
    Information security management systems Guidelines for information security risk management
  • BS 31100:2011
    Risk management. Code of practice and guidance for the implementation of BS ISO 31000