
ISO 38500

ISO 38500 is the international standard for the corporate governance of information technology, and is internationally recognised as the official IT governance standard. It applies to the governance of an organisation’s ICT service management processes, whether those processes are managed internally or by external service providers.

Need an introduction to ISO 38500?

Written by IT Governance's CEO, Alan Calder, ISO/IEC 38500 The IT governance standard - the pocket guide provides an account of the scope and objectives of the standard. It outlines the standard's six core principles, sets out the three major tasks that the standard assigns to directors regarding IT, and explains the interrelationship between the two. The guide also offers advice on how to set up and implement the IT governance framework.


IT governance domains

IT governance can broadly be divided into the following domains:

  • COBIT® (Control Objectives for Information and Related Technology) - IT governance control framework enabling organisations to resolve business issues in the context of regulatory compliance, risk management and the embedding of IT strategy in the organisation's approach. IT Governance provides a full range of COBIT 5 resources.
  • ITIL® (IT Infrastructure Library®) - Supported by ISO 20000 and independently certifiable, ITIL provides best-practice processes for effective IT service management. Guidance for adopting ITIL is included in the ITIL 2011 Lifecycle Publication Suite. 
  • ISO 27002 - Supporting guidelines to ISO 27001 that explain the requirements for implementing a best-practice information security management system.

These three IT governance frameworks are the most widely accepted and vendor neutral. None of them is sufficient on its own to ensure robust IT governance, but each provides benefits.

The greatest challenge is establishing an integrated and streamlined framework that draws on COBIT, ITIL and ISO 27002 through one centrally managed system. In this respect, the Joint Framework – created by the IT Governance Institute and the Office of Government Commerce – provides a reliable starting point, simplifying the planning process for simultaneous implementations and coordinating the various clauses across the frameworks.

Key sub-domains of IT governance are:

  • Business continuity and disaster recovery; 
  • Enterprise architecture; 
  • Regulatory compliance; 
  • Information governance and information security; 
  • IT service management, including ITIL and service level management; 
  • Knowledge management, including intellectual capital; 
  • Leadership skills; 
  • Project governance; and 
  • Risk management.
