Informationtechnology- organization GovernanceofITforthe
Technologies deFinformationGouvermance des technologiesdel'information pour I'entreprise
InternationalStandard
Third edition2024-02
COPYRIGHT PROTECTED DOCUMENT
All rights reserved. Unless otherwise specified or required in the context of its implementation no part of this publication may be reproduced orutilized otherwise in any form orby any means electronic ormechanical including photocopying or posting onthe intemet or an intranet without prior written permission Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.
ISO copyright office CP 401 Ch. de Blandon net 8Phone: 41 22 749 01 11 CH-1214 Vernier GenevaEmail:copyright@ Website: in Switzerland
ISO/IEC 38500:2024(en)
Contents
Principles for the governance ofIT.
ISO/IEC 38500:2024(en)
5.12 5.11.3 Outes. Viability and performance over time.. .13 135.12.1 5.12.2 Principle. Governance implications for use of IT. 135.12.3 Oute.. 14 14
6.2 6.1 Introduction.. Governance of IT practice.. 14 156.2.1 6.2.2 Engage stakeholders.... Evaluate. .15 156.2.3 Direct. 166.3 6.2.4 Management ofIT practic.. Monitor. 16 .166.4 Framework for the governance of IT. 16
Framework for the governance of IT.. 16
7.1 General. 167.2 Elements of the framework. 7.2.1 .177.2.2 Directio.n.. General.. 18 ..177.2.3 7.2.4 Policy.. Capability... 18 187.2.5 7.2.6 Delegation. Performance. 197.2.7 Accountability. .19 20
ISO/IEC 38500:2024(en)
Foreword
ISO (the International Organization for Standardization) and IEC (the International ElectrotechnicalCommission) form the specialized system for worldwide standardization. National bodies that aremembers of ISO or IEC participate in the development of International Standards through technical mittees established by the respective organization to deal with particular fields of technical activity.ISO and IEC technical mittees collaborate in fields of mutual interest. Other international organizations governmental and non-governmental in liaison with ISO and IEC also take part in the work.
The procedures used to develop this document and those intended for its further maintenance are describedof document should be noted. This document was drafted in accordance with the editorial rules of the ISO/ IEC Directives Part 2 (see or experts/refdocs).
ISO and IEC draw attention to the possibility that the implementation of this document may involve the
claimed patent rights in respect thereof. As of the date of publication of this document ISO and IEC had not received notice of (a) patent(s) which may be required to implement this document. However implementersare cautioned that this may not represent the latest information which may be obtained from the patent database available at and ISO and IEC shall not be heldresponsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does notconstitute an endorsement.
suossaidxa pue suan syads osi jo uueau a spepues jo auneu Areunoa a go uoguedxa ue o related to conformity assessment as well as information about ISO's adherence to the World TradeOrganization (WTO) principles in the Technical Barriers to Trade (TBT) see the IEC see
This document was prepared by Joint Technical Committee ISO/IEC JTC 1 Information technology Submittee SC 40 IT service management and IT governance.
This third edition cancels and replaces the second edition (ISO/IEC 38500:2015) which has been technicallyrevised.
The main changes are as follows:
elaborated;- the model has been updated to include "engage stakeholders”; a framework for the governance of IT has been updated from ISO/IEC TR 38502.
- the principles for governance ofIT and alignment to the principles of governance in ISO 37o00 have been
A list of all parts in the ISO/IEC 38500 series can be found on the ISO and IEC websites.
body.A plete listing of these bodies can be found at Any feedback or questions on this document should be directed to the user's national standards
