(ISO: Geneva) -- Because inadequate information technology (IT) systems can hinder the performance and competitiveness of organizations or expose them to the risk of not complying with legislation, the new ISO/IEC 38500 standard provides broad guidance on the role of top management in relation to the corporate governance of IT.

“Most organizations use IT as a fundamental business tool and few can function without it,” comments François Coallier chair of the ISO subcommittee, “Software and systems engineering,” that developed the standard. “IT is also a significant enabler in the future business plans of many organizations. ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT. It will assist directors in assuming conformance with obligations—regularly, legislation, common law, contractual—concerning the acceptable use of IT and to have a proper corporate governance of IT.”

ISO/IEC 38500:2008—“Corporate governance of information technology,” is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.

The framework comprises definitions, principles, and a model.

 …