ISO IEC 38500-2024 PDF
Name in English:
St ISO IEC 38500-2024
Name in Russian:
Ст ISO IEC 38500-2024
Original standard ISO IEC 38500-2024 in PDF full version. Additional info + preview on request
Full title and description
ISO/IEC 38500:2024 — Information technology — Governance of IT for the organization. This international standard provides high‑level, principles‑based guidance for members of governing bodies and those who support them on the effective, efficient and acceptable use of information technology within organizations of all types and sizes.
Abstract
This standard sets out guiding principles and a governance model to help governing bodies evaluate, direct and monitor the organization’s current and future use of IT so that IT supports organizational objectives, complies with obligations and delivers value in a responsible manner. It is applicable to public, private and not‑for‑profit organizations regardless of size or the extent of their IT use.
General information
- Status: Published.
- Publication date: 23 February 2024 (Edition 3 published Feb 2024).
- Publisher: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC), joint publication (ISO/IEC).
- ICS / categories: 35.020 Information technology (IT) in general.
- Edition / version: Edition 3 (ISO/IEC 38500:2024).
- Number of pages: 21 (published by ISO in PDF, ePub and paper formats).
Scope
ISO/IEC 38500:2024 is concerned with the governance of an organization’s current and future use of IT and with IT as a domain of organizational governance. The standard provides high‑level guidance applicable to governing bodies and those who support them, intended for any organization — private, public or not‑for‑profit — irrespective of size or sector.
Key topics and requirements
- Principles for good IT governance — commonly expressed as Responsibility, Strategy, Acquisition, Performance, Conformance and Human Behaviour — which should guide decisions about IT.
- Simple governance model (Evaluate — Direct — Monitor) for governing bodies to apply continuously to IT matters.
- Identification of governance framework elements (e.g., Direction, Capability, Policy, Delegation, Performance, Accountability) to structure governance activities and oversight.
- Emphasis on aligning IT direction and capability with organizational objectives, managing acquisition and performance of IT, ensuring conformance with legal/contractual obligations, and taking human factors into account.
- Guidance designed to be non‑sector specific and usable as a standalone governance code or to update existing board‑level IT governance arrangements.
Typical use and users
Primary users are governing bodies, boards of directors, executive leadership, IT governance committees and senior management who set direction and oversight for IT. Secondary users include internal auditors, risk and compliance functions, enterprise architects and consultants implementing or assessing governance arrangements. The standard is intended to inform board‑level evaluation, direction and monitoring of IT across all organization types and sizes.
Related standards
ISO/IEC 38500:2024 sits at the centre of the Governance of IT family and is related to other governance and implementation documents such as ISO 37000 (Governance of organizations), ISO/IEC 38501 (implementation guidance), ISO/IEC 38505 (governance of data) and related technical reports and guidance addressing specific domains (for example guidance on governance implications of AI). The 2024 revision also aligns with ongoing updates in the 38500 family.
Keywords
IT governance, governance of information technology, board governance, evaluate‑direct‑monitor, responsibility, strategy, acquisition, performance, conformance, human behaviour, digital governance, data governance, organizational governance.
FAQ
Q: What is this standard?
A: ISO/IEC 38500:2024 is an international standard that provides high‑level guidance for governing bodies on the governance of IT within organizations. It is a principles‑based, non‑sector specific code to help ensure IT supports objectives, delivers value and meets obligations.
Q: What does it cover?
A: The standard covers the governance of the organization’s current and future use of IT, offering principles, a governance model (evaluate, direct, monitor) and a framework of governance elements to guide oversight, decision‑making and accountability for IT.
Q: Who typically uses it?
A: Governing bodies (boards), senior executives, IT governance committees, risk and compliance teams, auditors, and consultants use the standard to shape board‑level oversight, policies and assurance related to IT. It is applicable across public, private and not‑for‑profit sectors.
Q: Is it current or superseded?
A: Current. ISO/IEC 38500:2024 (Edition 3, published February 2024) supersedes ISO/IEC 38500:2015.
Q: Is it part of a series?
A: Yes. It is the cornerstone of the ISO/IEC governance of IT family and is intended to be used alongside implementation guidance and related technical reports (for example ISO/IEC 38501, ISO/IEC 38505 series, and other guidance addressing specific governance topics). The ISO/IEC JTC 1/SC 40 committee manages related work.
Q: What are the main keywords?
A: Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour; evaluate, direct, monitor; IT governance; board oversight; digital transformation; data governance.