ISO IEC 38500 pdf download


ISO IEC 38500: Information technology — Governance of IT for the organization
1 Scope
This International Standard provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.

It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:
— executive managers;
— members of groups monitoring the resources within the organization;
— external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
— internal and external service providers (including consultants);
— auditors.

This International Standard applies to the governance of the organization’s current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.

This International Standard defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.

This International Standard is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This International Standard is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.

The purpose of this International Standard is to promote effective, efficient, and acceptable use of IT in all organizations by
— assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization’s governance of IT,
— informing and guiding governing bodies in governing the use of IT in their organization, and
— establishing a vocabulary for the governance of IT.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

2.1 acceptable
meets stakeholder expectations that are capable of being shown as reasonable or merited

2.2 accountable
answerable for actions, decisions, and performance

2.3 accountability
state of being accountable
Note 1 to entry: Accountability relates to an allocated responsibility. The responsibility can be based on regulation or agreement or through assignment as part of delegation.

2.4 corporate governance
system by which corporations are directed and controlled
Note 1 to entry: Corporate governance is organizational governance applied to corporations.
Note 2 to entry: From Cadbury 1992 and OECD 1999.
Note 3 to entry: Definition is included to clarify evolution in terminology from previous edition.

2.5 direct
communicate desired purposes and outcomes to
Note 1 to entry: In the context of governance of IT, direct involves setting objectives, strategies, and policies to be adopted by the members of the organization to ensure that use of IT meets business objectives.
Note 2 to entry: Objectives, strategies, and policies can be set by managers if they have authority delegated by the governing body.

2.6 evaluate
consider and make informed judgements
Note 1 to entry: In the context of governance of IT, evaluate involves judgements about the internal and external, current and future circumstances and opportunities relating to the organization’s current and future use of IT.

2.7 executive manager
person who has authority delegated from the governing body for implementation of strategies and policies to fulfil the purpose of the organization
Note 1 to entry: Executive managers can include roles which report to the governing body or the head of the organization or have overall accountability for major reporting function, for example Chief Executive Officers (CEOs), Heads of Government Organizations, Chief Financial Officers (CFOs), Chief Operating Officers (COOs), Chief Information Officers (CIOs), and similar roles.
Note 2 to entry: In management standards, executive managers can be referred to as top management.

2.8 governance
system of directing and controlling

2.9 governing body
person or group of people who are accountable for the performance and conformance of the organization

2.10 governance of IT
system by which the current and future use of IT is directed and controlled
Note 1 to entry: Governance of IT is a component or a subset of organizational governance.
Note 2 to entry: The term governance of IT is equivalent to the terms corporate governance of IT, enterprise governance of IT, and organizational governance of IT.