ISO/IEC 38500 and Good IT Governance

ISO/IEC 38500 and Good IT Governance

IT Governance has an ISO, it is the ISO/IEC 38500:2008 “Corporate governance of information technology”.

This standard was published in June 2008 and complements the set of ISO standards that affect the systems and information technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.).

This rule sets standards for good management of business processes and decisions related to information and communication services that are usually managed by specialists in IS / internal or within other business units of the IT organization, such as suppliers external service. In essence, all that this proposed rule can be summarized into three main purposes:

a) Ensure that, if the rule is followed properly, the stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.), can rely on the corporate governance of IT.

b) provide information and guidance to managers that control the use of IS/IT in your organization/company

c) Provide a basis for objective evaluation by top management of IT management. IT governance framework Likewise, the rule encourages adopt a minimum set of measures for the organization to get your IT goals.

All there are translated into 6 basic principles:

1. The establishment of responsibilities to competenters people for decision making
2. Alignment of IT with the strategic objectives of the organization (a good planning support to the improvement of the organization)
3. The investment in IT goods suitable
4. Quality in the operation of IT systems
5. Ensuring legal compliance or regulatory IT systems
6. The involvement of the human factor and respect at the same

To remark the last 2:

– Compliance with the legal environment is a growing need in the context of IS/IT organizations of any size, as there is a lot of legislation regulating the use of information, communications, etc. forming a binding legal framework that can not be ignored.

– The human factor is often treated very tangentially in many business strategies and, above all, IS/IT. Fortunately, this standard (as ISO 27001 for example in his domain “8. Security linked to Human Resources”), incorporated as a fundamental pillar more.

Leave a comment