ISO 38500 - International Standard for Corporate Governance of IT

What is ISO 38500?

ISO/IEC 38500 is the International Standard for the Corporate Governance of Information Technology and is the official IT governance standard.

This standard applies to the governance of management processes relating to the information and communication services used by an organisation. These processes could be controlled by IT specialists within an organisation or by external service providers.

Buy your copy of ISO/IEC 38500 now >>

Need an introduction to ISO 38500?

Written by IT Governance's CEO, Alan Calder, ISO/IEC 38500 The IT governance standard - the pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.

Shop now

About ISO 38500

ISO/IEC 38500 applies to the governance of management processes and decisions relating to an organisation’s information and communication services.

It defines six principles:

  • Establish responsibilities
  • Plan to best support the organisation
  • Make acquisitions for valid reasons
  • Ensure necessary levels of performance
  • Ensure conformance with rules
  • Ensure respect for human factors

This Standard originated from an existing Australian standard, AS8015. ISO/IEC 29382, Corporate Governance of Information and Communication Technology, was first published early in 2007 and was officially re-named ISO/IEC 38500 in 2008. 

Implementing ISO 38500

Although ISO/IEC 38500 is a short and straightforward international standard, actual implementation of an IT governance framework can be challenging. The Calder-Moir IT Governance Framework evolved alongside the international standard as a conceptual approach to help organisations visualise effective IT governance, drawing on and integrating the wide range of IT management tools and systems that exist in the world today.

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT provides practical guidance on implementing an IT governance framework based on ISO/IEC 38500 in your own organisation.

The effectiveness of the Calder-Moir Framework as a unifying approach to IT governance and management is exemplified by the IT Governance Framework Toolkit, which provides practical, detailed tools and guidance for implementing IT governance in your organisation, based on ISO/IEC 38500.

Speak to an expert

Please contact us for more information or to arrange an initial meeting. 

SAVE 25%