Skip to content
Please enter a keyword to search

  • ISO/IEC 38500:2015

    View superseded by
    Superseded A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
    View superseded by

    Information technology — Governance of IT for the organization

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Superseded date:  23-02-2024

    Language(s):  English

    Published date:  11-02-2015

    Publisher:  International Organization for Standardization

    Add To Cart

    Abstract - (Show below) - (Hide below)

    ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.

    It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:

    • executive managers;
    • members of groups monitoring the resources within the organization;
    • external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
    • internal and external service providers (including consultants);
    • auditors.

    ISO/IEC 38500:2015 applies to the governance of the organization's current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.

    ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.

    ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.

    The purpose of ISO/IEC 38500:20015 is to promote effective, efficient, and acceptable use of IT in all organizations by:

    • assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization's governance of IT,
    • informing and guiding governing bodies in governing the use of IT in their organization, and
    • establishing a vocabulary for the governance of IT.

    General Product Information - (Show below) - (Hide below)

    Committee ISO/IEC JTC 1/SC 40
    Document Type Standard
    Publisher International Organization for Standardization
    Status Superseded
    Superseded By
    Supersedes

    Standards Referenced By This Book - (Show below) - (Hide below)

    CEI UNI EN ISO/IEC 30121 : 1ED 2017 INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK
    CSA ISO/IEC 19770-1 : 2013 : R2017 INFORMATION TECHNOLOGY - SOFTWARE ASSET MANAGEMENT - PART 1: PROCESSES AND TIERED ASSESSMENT OF CONFORMANCE
    BS ISO/IEC 20000-2:2012 Information technology. Service management Guidance on the application of service management systems
    BS ISO/IEC 19086-1:2016 Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts
    ISO/IEC TR 38502:2017 Information technology — Governance of IT — Framework and model
    ISO/IEC 38505-1:2017 Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data
    ISO 21505:2017 Project, programme and portfolio management — Guidance on governance
    CSA ISO/IEC 27050-1 : 2018 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1: OVERVIEW AND CONCEPTS
    10/30207796 DC : 0 BS ISO/IEC 15289 - SOFTWARE AND SYSTEMS ENGINEERING - CONTENT OF LIFE-CYCLE INFORMATION PRODUCTS
    BS ISO/IEC 26511:2011 Systems and software engineering. Requirements for managers of user documentation
    BS ISO/IEC 30121 : 2015 INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK
    ISO/IEC TR 29110-5-3:2018 Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 5-3: Service delivery guidelines
    ISO/IEC 19086-1:2016 Information technology Cloud computing Service level agreement (SLA) framework Part 1: Overview and concepts
    BS ISO 21505:2017 Project, programme and portfolio management. Guidance on governance
    ISO/TS 17187:2013 Intelligent transport systems Electronic information exchange to facilitate the movement of freight and its intermodal transfer Governance rules to sustain electronic information exchange methods
    BS ISO/IEC 18384-1:2016 Information technology. Reference Architecture for Service Oriented Architecture (SOA RA) Terminology and concepts for SOA
    PD ISO/IEC TS 38501:2015 Information technology. Governance of IT. Implementation guide
    ISO/IEC/IEEE 15289:2017 Systems and software engineering Content of life-cycle information items (documentation)
    CSA ISO/IEC TS 38501 : 2015 INFORMATION TECHNOLOGY - GOVERNANCE OF IT - IMPLEMENTATION GUIDE
    BS ISO/IEC/IEEE 15289:2011 Systems and software engineering. Content of life-cycle information products (documentation)
    BS ISO/IEC/IEEE 15289:2019 Systems and software engineering. Content of life-cycle information items (documentation)
    UNE-ISO/IEC 20000-2:2015 Information technology. Service management. Part 2: Guidance on the application of service management systems
    ISO/IEC TR 38505-2:2018 Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management
    CSA ISO/IEC 19770-1 :2013 INFORMATION TECHNOLOGY - SOFTWARE ASSET MANAGEMENT - PART 1: PROCESSES AND TIERED ASSESSMENT OF CONFORMANCE
    BS ISO/IEC 38505-1:2017 Information technology. Governance of IT. Governance of data Application of ISO/IEC 38500 to the governance of data
    CSA ISO/IEC 20000-2 : 2013 : R2017 INFORMATION TECHNOLOGY - SERVICE MANAGEMENT - PART 2: GUIDANCE ON THE APPLICATION OF SERVICE MANAGEMENT SYSTEMS
    ISO/IEC/IEEE 26511:2011 Systems and software engineering Requirements for managers of user documentation
    ISO/IEC TR 38504:2016 Governance of information technology — Guidance for principles-based standards in the governance of information technology
    ISO/IEC TR 20000-10:2015 Information technology Service management Part 10: Concepts and terminology
    EN ISO/IEC 30121:2016 Information technology - Governance of digital forensic risk framework (ISO/IEC 30121:2015)
    PD ISO/IEC TR 38502:2017 Information technology. Governance of IT. Framework and model
    16/30287629 DC : 0 BS ISO/IEC 27050-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1 OVERVIEW AND CONCEPTS
    CSA ISO/IEC TR 38502 : 2015 INFORMATION TECHNOLOGY - GOVERNANCE OF IT - FRAMEWORK AND MODEL
    10/30204688 DC : 0 BS ISO/IEC 26511 - SOFTWARE AND SYSTEMS ENGINEERING - REQUIREMENTS FOR MANAGERS OF USER DOCUMENTATION
    ISO/IEC 18384-1:2016 Information technology Reference Architecture for Service Oriented Architecture (SOA RA) Part 1: Terminology and concepts for SOA
    16/30316173 DC : 0 BS ISO/IEC 19086-1 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 1: OVERVIEW AND CONCEPTS
    13/30284618 DC : 0 PD ISO/IEC/TR 38502 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - FRAMEWORK AND MODEL
    17/30329617 DC : 0 BS ISO/IEC 29110-4-3 - SYSTEMS AND SOFTWARE ENGINEERING - LIFECYCLE PROFILES FOR VERY SMALL ENTITIES (VSES) - PART 4-3: SERVICE DELIVERY - PROFILE SPECIFICATION
    12/30209825 DC : 0 BS ISO/IEC 27014 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GOVERNANCE OF INFORMATION SECURITY
    IEEE 20000-2-2013 IEEE Standard -- Adoption of ISO/IEC 20000-2:2012, Information technology -- Service management -- Part 2: Guidance on the application of service management systems
    CSA ISO/IEC 20000-2:2013 INFORMATION TECHNOLOGY - SERVICE MANAGEMENT - PART 2: GUIDANCE ON THE APPLICATION OF SERVICE MANAGEMENT SYSTEMS
    CAN/CSA-ISO/IEC TR 38504:18 Governance of information technology ? Guidance for principles-based standards in the governance of information technology (Adopted ISO/IEC TR 38504:2016, first edition, 2016-09-15)
    CAN/CSA-ISO/IEC 19086-1:18 Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts (Adopted ISO/IEC 19086-1:2016, first edition, 2016-09-15)
    SR 003 391 : 2.1.1 CLOUD STANDARDS COORDINATION PHASE 2; INTEROPERABILITY AND SECURITY IN CLOUD COMPUTING
    ISO 22316:2017 Security and resilience — Organizational resilience — Principles and attributes
    I.S. EN ISO/IEC 30121:2016 INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK (ISO/IEC 30121:2015)
    ISO/IEC 27050-1:2016 Information technology Security techniques Electronic discovery Part 1: Overview and concepts
    ISO/TR 14639-2:2014 Health informatics Capacity-based eHealth architecture roadmap Part 2: Architectural components and maturity model
    ISO/IEC 30121:2015 Information technology Governance of digital forensic risk framework
    ISO/IEC 20000-2:2012 Information technology Service management Part 2: Guidance on the application of service management systems
    BS ISO/IEC 27014:2013 Information technology. Security techniques. Governance of information security
    PD ISO/TS 17187:2013 Intelligent transport systems. Electronic information exchange to facilitate the movement of freight and its intermodal transfer. Governance rules to sustain electronic information exchange methods
    BS EN ISO/IEC 30121:2016 Information technology. Governance of digital forensic risk framework
    PD ISO/IEC TR 38504:2016 Governance of information technology. Guidance for principles-based standards in the governance of information technology
    12/30228065 DC : 0 BS 13500 - CODE OF PRACTICE FOR DELIVERING EFFECTIVE GOVERNANCE
    PD ISO/TR 14639-2:2014 Health informatics. Capacity-based eHealth architecture roadmap Architectural components and maturity model
    16/30333228 DC : 0 BS ISO/IEC 38505-1 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - PART 1: THE APPLICATION OF ISO/IEC 38500 TO THE GOVERNANCE OF DATA
    PD ISO/IEC TR 20000-10:2015 Information technology. Service management Concepts and terminology
    13/30268064 DC : 0 BS ISO/IEC 30121 - SYSTEM AND SOFTWARE ENGINEERING - INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK
    18/30325702 DC : 0 BS ISO/IEC 27050-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 2: GUIDANCE FOR GOVERNANCE AND MANAGEMENT OF ELECTRONIC DISCOVERY
    ISO/IEC TS 38501:2015 Information technology — Governance of IT — Implementation guide
    ISO/IEC 27014:2013 Information technology Security techniques Governance of information security
    NS-ISO/IEC 42001:2023 Information technology - Artificial intelligence - Management system
    INCITS/ISO/IEC TR 38504:2016(R2023) Governance of information technology — Guidance for principlesbased standards in the governance of information technology

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC TR 38502:2014 Information technology Governance of IT Framework and model
    SA/SNZ TR ISO 21965:2020 Information and documentation - Records management in enterprise architecture
    AS/NZS ISO/IEC 20000.10:2019 Information technology - Service management Concepts and vocabulary
    SA/SNZ TR ISO/IEC 38505.2:2019 Information technology - Governance of IT - Governance of data Implications of ISO/IEC 38505-1 for data management
    ISO/IEC TS 38501:2015 Information technology — Governance of IT — Implementation guide
    AS/NZS ISO/IEC 20000.2:2020 Information technology - Service management Guidance on the application of service management systems
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective