#Entry 10 - Governance in IT
Sudipto Banerjee
Director- Consulting, ITIL Ambassador, IT Service Management/ Project Management, Certified Scrum Product Owner
Recently I was going through an article on Corporate Governance, which although half a decade old, seemed quite relevant even in today’s date. It lists the eight core Guiding Principles of Corporate Governance.
Principles of Corporate Governance. (2016, September 8). The Harvard Law School Forum on Corporate Governance. https://corpgov.law.harvard.edu/2016/09/08/principles-of-corporate-governance/
This brings me to today’s topic- ISO 38500 - ISO/IEC Standard for Corporate Governance of Information Technology. ISO/IEC 38500:2008 was the initial version which came out while the latest version is 2015.
ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
ISO/IEC 38500:2015 is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. ISO/IEC 38500:2015 is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
ISO/IEC 38500:2015. (2015). ISO. https://www.iso.org/standard/62816.html
领英推荐
Fran?ois Coallier, Professor of Software, and IT Engineering at école de technologie supérieure (éTS) and former chair of the ISO subcommittee, Software, and systems engineering, which developed the standard, said that most organizations use IT as a fundamental business tool, and few can function without it. IT is also a significant enabler in the future business plans of many organizations and ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT. I remember reading about a Case Study on Corporate Governance of IT using ISO 38500 which was presented at the itSMF Australia 11th National Conference where Mark Toomey highlights about the experience at Midco. Of course, it’s been almost 15 years since the experience but for me even today it is a noteworthy read. For those of you with an interest in IT Security Governance can surely refer to IT Security Governance: A Framework based on ISO 38500 where I found some of the challenges in IT security governance to be quite pertinent.
Ahuja, Suchit and Chan, Yolande E., "IT Security Governance: A Framework based on ISO 38500" (2015). CONF-IRM 2015 Proceedings. 27. https://aisel.aisnet.org/confirm2015/27
Of course, no article about IT Governance can be deemed complete without the mention of COBIT, the latest version of which is COBIT 2019.
COBIT | Control Objectives for Information Technologies. (2022). ISACA. https://www.isaca.org/resources/cobit
So now the next question that might pop up in your mind maybe – what is the relationship between ISO 38500 and COBIT? Well, that is the content for another day