ISO/IEC 38500:2008 has now been published to provide guidance on corporate governance of IT for senior management.
The standard ‘Corporate governance of information technology’ provides a framework for effective IT governance, and is applicable to organisations of all sizes.
François Coallier, chair of the ISO subcommittee Software and Systems Engineering, which developed the standard, comments: “ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT. It will assist directors in assuming conformance with their obligations – regulatory, legislation, common law, contractual – concerning the acceptable use of IT, and to have a proper corporate governance of IT.”
Alison Holt, chair of the IT Governance working group, adds: “This standard is targeted at the board of an organisation, to assist the board in delivering the maximum value from IT and information assets across the organisation.”
ISO/IEC 38500 was developed by the joint technical committee ISO/IEC JTC1, Information technology, subcommittee SC 7, Software and Systems Engineering. It costs SFR84 and is available from ISO national member institutes and ISO Central Secretariat.
The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance that express preferred behaviour to guide decision making:
responsibility
strategy
acquisition
performance
conformance
human behavior