Information Technology-Governance of IT For The Organization
ISO/IEC 38500:2015
AS ISO/IEC 38500:2016
This is a free 6 page sample. Access the full version online.
Information technology—Governance of
IT for the organization
This Australian Standard® was prepared by Committee IT-030, ICT Governance and
Management. It was approved on behalf of the Council of Standards Australia on
6 December 2016.
This Standard was published on 23 December 2016.
This Standard was issued in draft form for comment as DR AS ISO/IEC 38500:2016.
Standards Australia wishes to acknowledge the participation of the expert individuals that
contributed to the development of this Standard through their representation on the
Committee and through the public comment period.
Standards may also be withdrawn. It is important that readers assure themselves they are
using a current Standard, which should include any amendments that may have been
published since the Standard was published.
Detailed information about Australian Standards, drafts, amendments and new projects can
be found by visiting www.standards.org.au
COPYRIGHT
© ISO/IEC 2016 – All rights reserved
© Standards Australia Limited
All rights are reserved. No part of this work may be reproduced or copied in any form or by
any means, electronic or mechanical, including photocopying, without the written
permission of the publisher, unless otherwise permitted under the Copyright Act 1968.
Published by SAI Global Limited under licence from Standards Australia Limited, GPO Box
476, Sydney, NSW 2001, Australia
ISBN 978 1 76035 647 7
PREFACE
This Standard was prepared by the Joint Standards Australia/Standards New Zealand
Committee IT-030, ICT Governance and Management, to supersede AS/NZS ISO/IEC 38500:2010,
Corporate governance of information technology.
After consultation with stakeholders in both countries, Standards Australia and Standards New
Zealand decided to develop this Standard as an Australian Standard rather than an Australian/New
Zealand Standard.
The objective of this Standard is to provide guiding principles for members of governing bodies of
organizations (which can comprise owners, directors, partners, executive managers, or similar) on the
effective, efficient, and acceptable use, both current and future, of information technology (IT) within
their organizations. This Standard is applicable to all organizations regardless of their size and type.
This Standard is identical with, and has been reproduced from, ISO/IEC 38500:2015, Information
technology—Governance of IT for the organization.
As this Standard is reproduced from an International Standard, the following applies:
(a) In the source text ‘this International Standard’ should read ‘this Australian Standard’.
(b) A full point substitutes for a comma when referring to a decimal marker.
There are no normative references in the source document.
CONTENTS
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Benefits of Good Governance of IT
4 Principles and Model for Good Governance of IT
4.1 Principles
4.2 Model
5 Guidance for the Governance of IT
5.1 General
INTRODUCTION
The objective of this International Standard is to provide principles, definitions, and a model for
governing bodies to use when evaluating, directing, and monitoring the use of information technology
(IT) in their organizations.
This International Standard is a high level, principles-based advisory standard. In addition to providing
broad guidance on the role of a governing body, it encourages organizations to use appropriate standards
to underpin their governance of IT.
Most organizations use IT as a fundamental business tool and few can function effectively without it. IT
is also a significant factor in the future business plans of many organizations.
Expenditure on IT can represent a significant proportion of an organization’s expenditure of financial
and human resources. However, a return on this investment is often not realized fully and the adverse
effects on organizations can be significant.
The main reasons for these negative outcomes are the emphasis on the technical, financial, and
scheduling aspects of IT activities rather than emphasis on the whole business context of use of IT.
This International Standard provides principles, definitions, and a model for good governance of IT, to
assist those at the highest level of organizations to understand and fulfil their legal, regulatory, and
ethical obligations in respect of their organizations’ use of IT.
This International Standard is aligned with the definition of corporate governance that was published
as a Report of the Committee on the Financial Aspects of Corporate Governance (the Cadbury Report) in
1992. The Cadbury Report also provided the foundation definition of corporate governance in the OECD
Principles of Corporate Governance in 1999 (revised in 2004). Governance is distinct from management,
and for the avoidance of confusion, the two concepts are defined in this International Standard and
elaborated in ISO/IEC TR 38502.
This International Standard is addressed primarily to the governing body. In some (typically smaller)
organizations, the members of the governing body can also be executive managers. This International
Standard is applicable for all organizations, from the smallest to the largest, regardless of purpose,
design, and ownership structure.
The implementation of governance of IT is covered by ISO/IEC TS 38501.