ISO/IEC 38500

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

ISO/IEC 38500

The ISO/IEC 38500 Corporate governance of information technology standard, provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.

ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. It is organized into three prime sections, specifically, Scope, Framework and Guidance.

The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance of IT:

  • Responsibility;
  • Strategy;
  • Acquisition;
  • Performance;
  • Conformance;
  • Human behavior.


It also provides guidance to those advising, informing, or assisting directors.

See also