ISO/IEC 38500

International Standard for Corporate Governance of IT (IT Governance)

Speak to an expert

Whatever the nature or size of your problem, we are here to help. Get in touch today using one of the contact methods below.

What is ISO/IEC 38500?

ISO/IEC 38500 is the international standard for the corporate governance of information technology, and provides guidance to those advising, informing or assisting directors on the effective and acceptable use of information technology (IT) within the organisation. 

Assure your stakeholders your IT governance capabilities. 

Get your copy of ISO/IEC 38500 today

About ISO/IEC 38500

ISO/IEC 38500 applies to the governance of management processes and decisions relating to an organisation’s information and communication services.

It defines six principles:

  1. Establish responsibilities
  2. Plan to best support the organisation
  3. Make acquisitions for valid reasons
  4. Ensure necessary levels of performance
  5. Ensure conformance with rules
  6. Ensure respect for human factors

This Standard originated from an existing Australian standard, AS8015. ISO/IEC 29382, Corporate Governance of Information and Communication Technology, was first published early in 2007 and was officially re-named ISO/IEC 38500 in 2008.

ISO/IEC 38500: A pocket guide, second edition

ISO/IEC 38500: A pocket guide, second edition

This useful pocket guide is an ideal introduction for those wanting to understand more about ISO 38500.

It describes the scope, application and objectives of the Standard and outlines its six core principles. It covers:

  • What is ISO/IEC 38500?
  • The corporate governance context
  • Scope, application and objectives
  • Principles and model for good governance of it
  • Implementing the six IT governance principles
  • ISO/IEC 38500 and the IT steering committee
  • Project governance
  • Other IT governance standards and frameworks
  • Integrated frameworks

Shop now

Implementing ISO/IEC 38500

Although ISO/IEC 38500 is a short and straightforward international standard, actual implementation of an IT governance framework can be challenging. The Calder-Moir IT Governance Framework evolved alongside the international standard as a conceptual approach to help organisations visualise effective IT governance, drawing on and integrating the wide range of IT management tools and systems that exist in the world today.

Start your implementation project with these key tools

  • ISO/IEC 38500 - the IT governance standard - this book will help you to understand the new ISO/IEC 38500 standard and the much-discussed topic of IT Governance.
  • IT Governance: implementing frameworks and standards for the corporate governance of IT - this book provides practical guidance on implementing an IT governance framework based on ISO/IEC 38500 in your own organisation.
  • ISO 38500 IT governance standard - the advice and guidance in this standard is applicable to all organisations, including public and private companies, government organisations, and not-for-profit organisations, irrespective of their size or type, and regardless of the extent of their use of IT. It not only applies to directors but also provides essential guidance on the appropriate governance of IT to all key members of staff.
  • IT governance framework toolkit - the effectiveness of the Calder-Moir Framework as a unifying approach to IT governance and management is exemplified by the IT Governance Framework Toolkit, which provides practical, detailed tools and guidance for implementing IT governance in your organisation, based on ISO/IEC 38500.
  • We also offer an IT governance consultancy service. Our consultants work with your board, senior executives and functional specialists to help define, develop and implement an IT governance framework that is appropriate for your business.
PROTECT YOUR
BUSINESS
THIS WINTER