ISO IEC 38506-2020 PDF

Full title and description

Information technology — Governance of IT — Application of ISO/IEC 38500 to the governance of IT‑enabled investments. This international standard gives guidance to governing bodies and other stakeholders on governing investments that include IT elements, covering investments of any scale (from business acquisitions and major transformation programmes to incremental IT-enabled service improvements) and addressing value, risk and resource allocation considerations.

Abstract

ISO/IEC 38506:2020 adapts the principles and model of ISO/IEC 38500 to the specific context of IT‑enabled investments. It helps governing bodies evaluate, direct and monitor investment decisions so expected benefits and risks of IT elements are understood and accounted for. The standard is intended for boards and those interacting with them (management, project teams, accountants, consultants, portfolio managers and governance support staff) and does not mandate specific management practices.

General information

• Status: Published (confirmed).
• Publication date: February 2020 (edition 1).
• Publisher: ISO and IEC (joint publication).
• ICS / categories: 35.020 — Information technology (IT) in general.
• Edition / version: Edition 1, 2020 (ISO/IEC 38506:2020).
• Number of pages: 14 (ISO official publication).

Scope

The standard provides guidance on governance of IT‑enabled investments for governing bodies of all forms of organisations (private, public, governmental) and for other parties that interface with those governing bodies. It covers investments where IT contributes materially to value and risk — from acquisitions and major change programmes to new services and operational IT improvements. The standard focuses on governance decisions (evaluate, direct, monitor), resource allocation across short/medium/long term innovation, and due diligence for transactions; it does not prescribe operational management or detailed project management practices.

Key topics and requirements

• Application of ISO/IEC 38500 governance model (Evaluate — Direct — Monitor) to IT‑enabled investments.
• Principles for good governance of IT investments, including focus on value, risk awareness and accountability of the governing body.
• Guidance on prioritisation and resource allocation across portfolios and innovation horizons (short, medium, long term).
• Considerations for due diligence and valuation of IT elements in mergers, acquisitions and investment decisions.
• Roles and interactions between governing bodies, management and other stakeholders when overseeing IT investments.
• Advice on evidence and indicators a governing body can use to monitor investment performance and outcomes.

Typical use and users

Primary users are governing bodies (boards, audit or investment committees) and senior executives responsible for strategic investment decisions. Secondary users include CIOs, programme and portfolio managers, investment analysts, management consultants, auditors, legal and compliance advisers, and governance support staff who prepare information for or implement board directions related to IT‑enabled investments.

Related standards

ISO/IEC 38506:2020 is part of the ISO/IEC 38500 family on IT governance. Closely related documents include ISO/IEC 38500 (governance of IT), ISO/IEC TS 38501 (implementation guidance for governance of IT), ISO/IEC TR 38502 (integration between governing body and management) and ISO/IEC TR 38504 (principles for governing bodies). Organisations commonly use these documents together when establishing governance frameworks for IT and investments.

Keywords

IT governance, IT‑enabled investments, governance principles, evaluate‑direct‑monitor, resource allocation, due diligence, board guidance, investment portfolio, CIO, value and risk.

FAQ

Q: What is this standard?

A: ISO/IEC 38506:2020 provides guidance on how to apply the ISO/IEC 38500 governance model specifically to investments that include IT elements, helping governing bodies make informed decisions about value, risk and resource allocation.

Q: What does it cover?

A: It covers governance considerations for IT‑enabled investments of any scale — from acquisitions and major transformation projects to new services and operational IT improvements — and offers guidance on evaluation, direction and monitoring without prescribing operational management practices.

Q: Who typically uses it?

A: Governing bodies (boards and committees) use it to shape oversight of IT investments. Senior executives, CIOs, portfolio managers, auditors, consultants and governance support personnel also use it to prepare information for and implement board-level governance decisions.

Q: Is it current or superseded?

A: The document was published in February 2020 (edition 1) and has been confirmed through ISO's review process; it remains the current ISO/IEC 38506 publication. National adoptions or formatting may differ, but the ISO/IEC 38506:2020 text is the authoritative international version.

Q: Is it part of a series?

A: Yes — it is part of the ISO/IEC 38500 family on governance of IT and is intended to be used alongside ISO/IEC 38500, ISO/IEC TS 38501, ISO/IEC TR 38502 and ISO/IEC TR 38504.

Q: What are the key keywords?

A: IT governance, IT investments, evaluate‑direct‑monitor, governance principles, resource allocation, due diligence, governing body, value and risk.