ISO/IEC 38500 Standard Covers Corporate Governance of Information Tech
June 18, 2008 // Published as a news service by IHS
| |
| Electronics & Telecom Docs |
IHS sells a full selection of standards documents & collections from the industry's top organizations. To learn more, and for a free quote, please complete the form below. |
|
| |
A new standard from the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) provides guidance about the role of top management in relation to the corporate governance of IT.
ISO/IEC 38500:2008 - Corporate governance of information technology, is applicable to organizations of all sizes, including public and private companies, government entities and not-for-profit organizations, according to ISO and IEC.
François Coallier, chair of the ISO software and systems engineering subcommittee, that developed the standard, said, "Most organizations use IT as a fundamental business tool, and few can function without it.
"IT is also a significant enabler in the future business plans of many organizations. ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT," Coallier said.
"It will assist directors in assuming conformance with obligations - regularly, legislation, common law, contractual - concerning the acceptable use of IT and to have a proper corporate governance of IT."
The standard provides a framework for IT governance aimed at assisting those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations with regard to their organizations' use of IT.
The framework comprises definitions, principles and a model and sets out six principles for corporate governance of IT to guide decision making:
- Responsibility.
- Strategy.
- Acquisition.
- Performance.
- Conformance.
- Human behavior.
ISO and IEC said the purpose of the standard is to promote effective, efficient and acceptable use of IT in all organizations by:
- Assuring stakeholders that if the standard is followed, they can have confidence in the organization's corporate governance of IT.
- Informing and guiding directors in governing the use of IT in their organization.
- Providing a basis for objective evaluation of the corporate governance of IT.
Alison Holt, chair of the IT governance working group, said, "This standard is targeted at the board of an organization, to assist the board in delivering the maximum value from IT and information assets across the organization."
Source: International Organization for Standardization (ISO).