CSA ISO/IEC 38500:15 (R2020)
Information technology — Governance of IT for the organization (Adopted ISO/IEC 38500:2015, second edition, 2015-02-15)
Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T).
This International Standard provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
It also provides guidance to those advising, informing, or assisting governing bodies. They include the following:
— executive managers;
— members of groups monitoring the resources within the organization;
— external business or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies;
— internal and external service providers (including consultants);
This International Standard applies to the governance of the organization’s current and future use of IT including management processes and decisions related to the current and future use of IT. These processes can be controlled by IT specialists within the organization, external service providers, or business units within the organization.
This International Standard defines the governance of IT as a subset or domain of organizational governance, or in the case of a corporation, corporate governance.
This International Standard is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. This International Standard is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.
The purpose of this International Standard is to promote effective, efficient, and acceptable use of IT in all organizations by
— assuring stakeholders that, if the principles and practices proposed by the standard are followed, they can have confidence in the organization’s governance of IT;
— informing and guiding governing bodies in governing the use of IT in their organization; and
— establishing a vocabulary for the governance of IT.