
IT Governance – ISO 38500:2008

Provides guiding principles for directors of companies on the effective, efficient, and acceptable use of Information Technology (IT) within their organization.


  • What is IT Governance ISO/IEC 38500?
    The objective of ISO/IEC 38500 is to provide a structure of principles for directors (including owners, board members, directors, partners and senior executives) to use when evaluating, directing and monitoring the use of IT in their organizations. This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfil their legal, regulatory and ethical obligations regarding their organizations’ use of IT. The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations.
  • Why do organizations need ISO/IEC 38500?

Information Technology is the backbone of most modern organizations, and it needs to be given the amount and quality of attention it deserves. Organizations use IT to increase business productivity and manage resources more effectively. For this reason, investing in people who can use modern technology to maximize output, as well as in the technology itself, is of paramount importance for any business, regardless of industry.


The three main tasks that shall be governed with the involvement of the directors are as follows:

  • Continuously evaluate the current and future use of IT which will benefit the organization
  • Direct the preparation, evaluation and implementation of plans and policies to ensure that the use of IT is aligned with the organization's business objectives
  • Monitor conformance to the currently implemented policies, and performance that is aligned with the plans of the organization

Who is this for?

ISO/IEC 38500:2015 is applicable to all organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT, including public and private companies, government entities, and not-for-profit organizations.

It is particularly associated with these roles within any organization:

  • Members of an Information Security or IT Governance team
  • Risk managers
  • Project managers
  • Professionals wanting to gain a comprehensive knowledge of the main concepts and processes in IT Corporate Governance
  • Auditors


The purpose of this International Standard is to promote effective, efficient, and acceptable use of IT in all organizations by:

  • Managing the IT investments properly
  • Improving the performance of the organization
  • Improving project governance
  • Improving the competitive position of the organization
  • Minimizing IT risks
  • Assuring greater project success rates

How can we help?

Consulting: Using the guidance provided in the International Standards ISO/IEC 38500 (Corporate Governance of IT), ISO/IEC 27001 (Information Security Management System) and ISO/IEC 20000 (IT Service Management), ECCI helps your organization ensure that its IT services are effective and efficient.

Training: ECCI prepares practitioners and auditors to understand the components and the operation of an IT Corporate Governance system based on ISO/IEC 38500.