BS ISO IEC 38500:2015 pdf free download – Information technology – Governance of IT for theorganization
1 Scope
This International Standard provides guiding principles for members of governing bodies oforganizations(which can comprise owners, directors, partners, executive managers, or similar) on theeffective, efficient, and acceptable use of information technology (IT) within their organizations.
lt also provides guidance to those advising, informing, or assisting governing bodies.They includethe following:
-executive managers;
-members of groups monitoring the resources within the organization;
-external business or technical specialists, such as legal or accounting specialists, retail or industrialassociations, or professional bodies;
-internal and external service providers (including consultants);-auditors.
This International Standard applies to the governance of the organization’s current and future use ofIT including management processes and decisions related to the current and future use of IT. Theseprocesses can be controlled by IT specialists within the organization, external service providers, orbusiness units within the organization.
This International Standard defines the governance of IT as a subset or domain of organizationalgovernance, or in the case of a corporation, corporate governance.
This International Standard is applicable to all organizations, including public and private companies,government entities, and not-for-profit organizations. This International Standard is applicable toorganizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.The purpose of this International Standard is to promote effective, efficient, and acceptable use of lT inall organizations by assuring stakeholders that, if the principles and practices proposed by the standard are followed,they can have confidence in the organization’s governance of IT,
informing and guiding governing bodies in governing the use of lT in their organization, and-establishing a vocabulary for the governance of IT.
Evaluate
Governing bodies should examine and make judgement on the current and future use of lT, includingplans, proposals and supply arrangements (whether internal, external, or both).
ln evaluating the use of IT, governing bodies should consider the external or internal pressures actingupon the organization,such as technological change, economic and social trends, regulatory obligations,legitimate stakeholder expectations and political influences. Governing bodies should undertakeevaluation continually as circumstances change.Governing bodies should also take account of bothcurrent and future business needs— the current and future organizational objectives that they mustachieve, such as maintaining competitive advantage, as well as the specific objectives of the plans andproposals they are evaluating.
Direct
Governing bodies should assign responsibility for, and direct preparation and implementation ofstrategies and policies. Strategies should set the direction for investments in IT and what IT shouldachieve. Policies should establish sound behaviour in the use of IT.
Governing bodies should encourage a culture of good governance ofIT in their organization by requiringmanagers to provide timely information, to comply with direction and to conform with the six principlesof good governance.
lf necessary, governing bodies should direct the submission of proposals for approval to addressidentified needs.