New ISO standard for corporate governance of information technology

Because inadequate information technology systems can hinder the performance and competitiveness of organizations or expose them to the risk of not complying with legislation, the new ISO/IEC 38500 standards provides broad guidance on the role of top management in relation to the corporate governance of IT.

François Coallier chair of the ISO subcommittee, Software and systems engineering, that developed the standard comments: “Most organizations use IT as a fundamental business tool and few can function without it. IT is also a significant enabler in the future business plans of many organizations. ISO/IEC 38500 will help the governing body to evaluate, direct and monitor the use of IT.

"It will assist directors in assuming conformance with obligations – regularly, legislation, common law, contractual – concerning the acceptable use of IT and to have a proper corporate governance of IT.”

ISO/IEC 38500:2008, Corporate governance of information technology, is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT.

The framework comprises definitions, principles and a model. It sets out six principles for good corporate governance of IT:

* Responsibility
* Strategy
* Acquisition
* Performance
* Conformance
* Human behaviour.

Alison Holt, chair of the IT Governance Working Group comments: “This standard is targeted at the board of an organization, to assist the board in delivering the maximum value from IT and information assets across the organization.”

www.iso.org

•Date: 6th June 2008• Region: World •Type: Article •Topic: Operational risk
Rate this article or make a comment - click here