ISO IEC TR 38502-2017 PDF
Name in English:
St ISO IEC TR 38502-2017
Name in Russian:
Ст ISO IEC TR 38502-2017
Original standard ISO/IEC TR 38502:2017, full version in PDF. Additional information and a preview are available on request.
Full title and description
ISO/IEC TR 38502:2017 — Information technology — Governance of IT — Framework and model. This technical report provides guidance on the nature and mechanisms of IT governance and management, and presents a framework and model to establish boundaries and relationships between governance and management for an organization’s current and future use of IT.
Intended to inform governing bodies, managers, advisors and standards developers, the report explains concepts and relationships rather than prescribing a management system or mandatory controls.
Abstract
ISO/IEC TR 38502:2017 gives guidance on the nature and mechanisms of governance and management and on how they relate in the context of an organization’s use of information technology. It supplies a framework and conceptual model that organisations can use to define the boundaries between governance and management, clarify responsibilities and accountabilities, and support consistent decision-making about IT. The report is descriptive and advisory in purpose and is aimed at governing bodies, managers, advisors and standards developers.
General information
- Status: Published.
- Publication date: 21 December 2017 (the ISO listing shows 2017-12).
- Publisher: Joint ISO/IEC technical publication (developed under ISO/IEC JTC 1, SC 40 — IT Service Management and IT Governance).
- ICS / categories: 35.020 (Information technology (IT) in general).
- Edition / version: Edition 2.0 (ISO/IEC TR 38502:2017).
- Number of pages: 11 (PDF/technical report length).
Scope
The technical report describes a non‑prescriptive framework and conceptual model to help organisations establish and understand the boundaries and interactions between governance and management of IT. It applies to organisations of all sizes and types and is intended to support governing bodies, executive managers, internal and external advisors, and those developing related standards by clarifying roles, responsibilities and the mechanisms used to govern IT. The document focuses on relationships and concepts rather than on specific implementation steps or controls.
Key topics and requirements
- Definitions and conceptual distinction between governance and management in the IT context.
- A framework and model to map boundaries, interfaces and relationships between governing bodies and management regarding IT decisions and accountability.
- Guidance on roles, responsibilities and decision rights for governing bodies, managers and advisors.
- Descriptions of governance mechanisms (direction, oversight, evaluation, monitoring) and management mechanisms (planning, building, running, monitoring operations).
- Advice for standards developers on consistent terminology and alignment with other governance and IT management deliverables.
Typical use and users
This technical report is used as a reference and explanatory guide by boards and governing bodies, CIOs and senior IT managers, enterprise architects, IT governance practitioners, consultants, auditors and standards developers. Typical uses include clarifying governance/management boundaries during policy creation, aligning corporate governance with IT decision-making, informing governance frameworks and training materials, and providing background when developing or aligning organisational IT governance practices.
Related standards
Closely related to and complementary with ISO/IEC 38500 (governance of IT for the organization), which provides high‑level principles and guidance for governing bodies; ISO/IEC TR 38502 supplies a framework/model to help position those principles in relation to management. The TR also aligns conceptually with other IT governance and management standards and frameworks (for example ISO/IEC 20000 series for IT service management and broader governance guidance developed under ISO/IEC JTC 1/SC 40).
Keywords
IT governance, governance of IT, governance framework, governance model, management vs governance, ISO/IEC JTC 1, SC 40, IT service management, governing body, accountability, decision rights.
FAQ
Q: What is this standard?
A: ISO/IEC TR 38502:2017 is a technical report titled "Information technology — Governance of IT — Framework and model" that provides guidance and a conceptual framework for understanding and establishing the boundaries and relationships between governance and management of IT.
Q: What does it cover?
A: It covers the nature and mechanisms of governance and management in the IT context, presents a framework and model for defining boundaries and interfaces, and offers guidance for governing bodies, managers, advisors and standards developers rather than prescriptive requirements.
Q: Who typically uses it?
A: Governing bodies and board members, CIOs and senior IT managers, enterprise architects, IT governance practitioners, advisors/consultants, auditors and developers of related standards commonly use this report as explanatory guidance.
Q: Is it current or superseded?
A: ISO/IEC TR 38502:2017 is the published (Edition 2) technical report that superseded the 2014 edition; ISO records show the 2017 edition as the current TR (reviewed and maintained in the ISO lifecycle). Users should check the ISO catalogue or national standards body for the very latest status before relying on it for procurement or mandatory compliance activities.
Q: Is it part of a series?
A: Yes — it is part of the set of ISO/IEC deliverables addressing governance of IT and IT management. It complements ISO/IEC 38500 (governance of IT for the organization) and other JTC 1/SC 40 outputs addressing IT service management and IT governance topics.
Q: What are the key keywords?
A: Key keywords include: IT governance, governance framework, governance model, management, governing body, accountability, IT service management, ISO/IEC JTC 1/SC 40.