ISO/IEC 38500:2015
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
View Superseded by
Information technology — Governance of IT for the organization
Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users
23-02-2024
English
11-02-2015
ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:
- executive managers;
- members of groups monitoring the resources within the organization;
- external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
- internal and external service providers (including consultants);
- auditors.
ISO/IEC 38500:2015 applies to the governance of the organization's current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.
ISO/IEC 38500:2015 defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.
ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
The purpose of ISO/IEC 38500:20015 is to promote effective, efficient, and acceptable use of IT in all organizations by:
- assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization's governance of IT,
- informing and guiding governing bodies in governing the use of IT in their organization, and
- establishing a vocabulary for the governance of IT.
Committee |
ISO/IEC JTC 1/SC 40
|
DocumentType |
Standard
|
Pages |
12
|
PublisherName |
International Organization for Standardization
|
Status |
Superseded
|
SupersededBy | |
Supersedes |
Standards | Relationship |
NEN ISO/IEC 38500 : 2015 | Identical |
BS ISO/IEC 38500:2015 | Identical |
SS-ISO/IEC 38500:2016 | Identical |
NS ISO/IEC 38500 : 2015 | Identical |
AS ISO/IEC 38500:2016 | Identical |
CSA ISO/IEC 38500 : 2015 | Identical |
UNI CEI ISO/IEC 38500 : 2020 | Identical |
CSA ISO/IEC 38500:15 (R2020) | Identical |
DS ISO/IEC 38500 : 2015 | Identical |
INCITS/ISO/IEC 38500 : 2017 | Identical |
UNE-ISO/IEC 38500:2013 | Identical |
CEI UNI ISO/IEC 38500:2023 | Identical |
CEI UNI EN ISO/IEC 30121 : 1ED 2017 | INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK |
BS ISO/IEC 20000-2:2012 | Information technology. Service management Guidance on the application of service management systems |
BS ISO/IEC 19086-1:2016 | Information technology. Cloud computing. Service level agreement (SLA) framework Overview and concepts |
ISO/IEC TR 38502:2017 | Information technology — Governance of IT — Framework and model |
ISO/IEC 38505-1:2017 | Information technology — Governance of IT — Governance of data — Part 1: Application of ISO/IEC 38500 to the governance of data |
ISO 21505:2017 | Project, programme and portfolio management — Guidance on governance |
CSA ISO/IEC 27050-1 : 2018 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1: OVERVIEW AND CONCEPTS |
10/30207796 DC : 0 | BS ISO/IEC 15289 - SOFTWARE AND SYSTEMS ENGINEERING - CONTENT OF LIFE-CYCLE INFORMATION PRODUCTS |
BS ISO/IEC 26511:2011 | Systems and software engineering. Requirements for managers of user documentation |
BS ISO/IEC 30121 : 2015 | INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK |
ISO/IEC TR 29110-5-3:2018 | Systems and software engineering — Lifecycle profiles for Very Small Entities (VSEs) — Part 5-3: Service delivery guidelines |
ISO/IEC 19086-1:2016 | Information technology Cloud computing Service level agreement (SLA) framework Part 1: Overview and concepts |
BS ISO 21505:2017 | Project, programme and portfolio management. Guidance on governance |
ISO/TS 17187:2013 | Intelligent transport systems Electronic information exchange to facilitate the movement of freight and its intermodal transfer Governance rules to sustain electronic information exchange methods |
BS ISO/IEC 18384-1:2016 | Information technology. Reference Architecture for Service Oriented Architecture (SOA RA) Terminology and concepts for SOA |
PD ISO/IEC TS 38501:2015 | Information technology. Governance of IT. Implementation guide |
ISO/IEC/IEEE 15289:2017 | Systems and software engineering Content of life-cycle information items (documentation) |
CSA ISO/IEC TS 38501 : 2015 | INFORMATION TECHNOLOGY - GOVERNANCE OF IT - IMPLEMENTATION GUIDE |
BS ISO/IEC/IEEE 15289:2011 | Systems and software engineering. Content of life-cycle information products (documentation) |
BS ISO/IEC/IEEE 15289:2019 | Systems and software engineering. Content of life-cycle information items (documentation) |
UNE-ISO/IEC 20000-2:2015 | Information technology. Service management. Part 2: Guidance on the application of service management systems |
ISO/IEC TR 38505-2:2018 | Information technology — Governance of IT — Governance of data — Part 2: Implications of ISO/IEC 38505-1 for data management |
BS ISO/IEC 38505-1:2017 | Information technology. Governance of IT. Governance of data Application of ISO/IEC 38500 to the governance of data |
CSA ISO/IEC 20000-2 : 2013 : R2017 | INFORMATION TECHNOLOGY - SERVICE MANAGEMENT - PART 2: GUIDANCE ON THE APPLICATION OF SERVICE MANAGEMENT SYSTEMS |
ISO/IEC/IEEE 26511:2011 | Systems and software engineering Requirements for managers of user documentation |
ISO/IEC TR 38504:2016 | Governance of information technology — Guidance for principles-based standards in the governance of information technology |
ISO/IEC TR 20000-10:2015 | Information technology Service management Part 10: Concepts and terminology |
EN ISO/IEC 30121:2016 | Information technology - Governance of digital forensic risk framework (ISO/IEC 30121:2015) |
PD ISO/IEC TR 38502:2017 | Information technology. Governance of IT. Framework and model |
16/30287629 DC : 0 | BS ISO/IEC 27050-1 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 1 OVERVIEW AND CONCEPTS |
CSA ISO/IEC TR 38502 : 2015 | INFORMATION TECHNOLOGY - GOVERNANCE OF IT - FRAMEWORK AND MODEL |
10/30204688 DC : 0 | BS ISO/IEC 26511 - SOFTWARE AND SYSTEMS ENGINEERING - REQUIREMENTS FOR MANAGERS OF USER DOCUMENTATION |
ISO/IEC 18384-1:2016 | Information technology Reference Architecture for Service Oriented Architecture (SOA RA) Part 1: Terminology and concepts for SOA |
16/30316173 DC : 0 | BS ISO/IEC 19086-1 - INFORMATION TECHNOLOGY - CLOUD COMPUTING - SERVICE LEVEL AGREEMENT (SLA) FRAMEWORK - PART 1: OVERVIEW AND CONCEPTS |
13/30284618 DC : 0 | PD ISO/IEC/TR 38502 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - FRAMEWORK AND MODEL |
17/30329617 DC : 0 | BS ISO/IEC 29110-4-3 - SYSTEMS AND SOFTWARE ENGINEERING - LIFECYCLE PROFILES FOR VERY SMALL ENTITIES (VSES) - PART 4-3: SERVICE DELIVERY - PROFILE SPECIFICATION |
12/30209825 DC : 0 | BS ISO/IEC 27014 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GOVERNANCE OF INFORMATION SECURITY |
IEEE 20000-2-2013 | IEEE Standard -- Adoption of ISO/IEC 20000-2:2012, Information technology -- Service management -- Part 2: Guidance on the application of service management systems |
CSA ISO/IEC 20000-2:2013 | INFORMATION TECHNOLOGY - SERVICE MANAGEMENT - PART 2: GUIDANCE ON THE APPLICATION OF SERVICE MANAGEMENT SYSTEMS |
SR 003 391 : 2.1.1 | CLOUD STANDARDS COORDINATION PHASE 2; INTEROPERABILITY AND SECURITY IN CLOUD COMPUTING |
ISO 22316:2017 | Security and resilience — Organizational resilience — Principles and attributes |
I.S. EN ISO/IEC 30121:2016 | INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK (ISO/IEC 30121:2015) |
ISO/IEC 27050-1:2016 | Information technology Security techniques Electronic discovery Part 1: Overview and concepts |
ISO/TR 14639-2:2014 | Health informatics Capacity-based eHealth architecture roadmap Part 2: Architectural components and maturity model |
ISO/IEC 30121:2015 | Information technology Governance of digital forensic risk framework |
ISO/IEC 20000-2:2012 | Information technology Service management Part 2: Guidance on the application of service management systems |
BS ISO/IEC 27014:2013 | Information technology. Security techniques. Governance of information security |
PD ISO/TS 17187:2013 | Intelligent transport systems. Electronic information exchange to facilitate the movement of freight and its intermodal transfer. Governance rules to sustain electronic information exchange methods |
BS EN ISO/IEC 30121:2016 | Information technology. Governance of digital forensic risk framework |
PD ISO/IEC TR 38504:2016 | Governance of information technology. Guidance for principles-based standards in the governance of information technology |
12/30228065 DC : 0 | BS 13500 - CODE OF PRACTICE FOR DELIVERING EFFECTIVE GOVERNANCE |
PD ISO/TR 14639-2:2014 | Health informatics. Capacity-based eHealth architecture roadmap Architectural components and maturity model |
16/30333228 DC : 0 | BS ISO/IEC 38505-1 - INFORMATION TECHNOLOGY - GOVERNANCE OF IT - PART 1: THE APPLICATION OF ISO/IEC 38500 TO THE GOVERNANCE OF DATA |
PD ISO/IEC TR 20000-10:2015 | Information technology. Service management Concepts and terminology |
13/30268064 DC : 0 | BS ISO/IEC 30121 - SYSTEM AND SOFTWARE ENGINEERING - INFORMATION TECHNOLOGY - GOVERNANCE OF DIGITAL FORENSIC RISK FRAMEWORK |
18/30325702 DC : 0 | BS ISO/IEC 27050-2 - INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - ELECTRONIC DISCOVERY - PART 2: GUIDANCE FOR GOVERNANCE AND MANAGEMENT OF ELECTRONIC DISCOVERY |
ISO/IEC TS 38501:2015 | Information technology — Governance of IT — Implementation guide |
ISO/IEC 27014:2013 | Information technology Security techniques Governance of information security |
NS-ISO/IEC 42001:2023 | Information technology - Artificial intelligence - Management system |
CAN/CSA-ISO/IEC 19086-1:18 | Information technology — Cloud computing — Service level agreement (SLA) framework — Part 1: Overview and concepts (Adopted ISO/IEC 19086-1:2016, first edition, 2016-09-15) |
INCITS/ISO/IEC TR 38504:2016(R2023) | Governance of information technology — Guidance for principlesbased standards in the governance of information technology |
CSA ISO/IEC 19770-1 :2013 | INFORMATION TECHNOLOGY - SOFTWARE ASSET MANAGEMENT - PART 1: PROCESSES AND TIERED ASSESSMENT OF CONFORMANCE |
CAN/CSA-ISO/IEC TR 38504:18 | Governance of information technology ? Guidance for principles-based standards in the governance of information technology (Adopted ISO/IEC TR 38504:2016, first edition, 2016-09-15) |
CSA ISO/IEC 19770-1 : 2013 : R2017 | INFORMATION TECHNOLOGY - SOFTWARE ASSET MANAGEMENT - PART 1: PROCESSES AND TIERED ASSESSMENT OF CONFORMANCE |
ISO/IEC TR 38502:2014 | Information technology Governance of IT Framework and model |
SA/SNZ TR ISO 21965:2020 | Information and documentation - Records management in enterprise architecture |
AS/NZS ISO/IEC 20000.10:2019 | Information technology - Service management Concepts and vocabulary |
SA/SNZ TR ISO/IEC 38505.2:2019 | Information technology - Governance of IT - Governance of data Implications of ISO/IEC 38505-1 for data management |
ISO/IEC TS 38501:2015 | Information technology — Governance of IT — Implementation guide |
AS/NZS ISO/IEC 20000.2:2020 | Information technology - Service management Guidance on the application of service management systems |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.