iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 38506:2020

(Main)

Information technology — Governance of IT — Application of ISO/IEC 38500 to the governance of IT enabled investments

Information technology — Governance of IT — Application of ISO/IEC 38500 to the governance of IT enabled investments

This document provides guidance on governance of IT enabled investments to the governing body of all forms of organizations, whether private, public or government entities, and will equally apply regardless of the size of the organization or its industry or sector. The terms business and business outcome throughout this document include all forms of organization covered by this document. The document also provides guidance to other parties interacting with governing bodies such as project personnel, accountants, management consultants, investment portfolio managers and governance support staff. IT enabled investments within the scope of this document could be investments of any scale from acquiring businesses to any business change incorporating IT, building new business services or addressing effectiveness and efficiency gains in IT operational services to gain competitive edge, whether those services are internal or provided by external parties. Resource allocation for strategic innovation is addressed by providing guidance to the governing body's decision for investment resource allocation between short-, medium- and long-term innovation projects. This document also provides guidance that can be applied in the due diligence process related to business acquisitions. This document may provide guidance on the application of the principles documented in ISO/IEC 38500 for ranking IT enabled investments including assessing the value and risks of IT elements in the context of investment banking or as performed by investment companies. This document does not prescribe or define specific management practices required for IT enabled investments. ISO/IEC TS 38501 contains guidance on the implementation arrangement for the effective governance of IT in general. The constructs in ISO/IEC TS 38501 can help to identify internal and external factors relating to the governance of IT and to define beneficial outcomes and identify evidence of success. ISO/IEC TR 38502 contains guidance on the integration between the governing body and management of an organization in general. This document is written in accordance with the principles of ISO/IEC TR 38504:2016.

Technologies de l'information — Gouvernance des technologies de l'information — Application de l'ISO/IEC 38500 à la gouvernance des investissements reposant sur les technologies de l’information

General Information

Status
Published
Publication Date
18-Feb-2020
ICS
35.020 - Information technology (IT) in general
Technical Committee
ISO/IEC JTC 1/SC 40 - IT service management and IT governance
Drafting Committee
ISO/IEC JTC 1/SC 40/WG 1 - Governance of InformationTechnology
Current Stage
9020 - International Standard under periodical review
Start Date
15-Jan-2025
Due Date
15-Jan-2025
Completion Date
15-Jan-2025
Ref Project

Buy Standard

ISO/IEC 38506:2020 - Information technology -- Governance of IT -- Application of ISO/IEC 38500 to the governance of IT enabled investmentsISO/IEC 38506:2020 - Information technology -- Governance of IT -- Application of ISO/IEC 38500 to the governance of IT enabled investments
PreviousNext
Standard
ISO/IEC 38506:2020 - Information technology -- Governance of IT -- Application of ISO/IEC 38500 to the governance of IT enabled investments
English language
14 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 38506
First edition
2020-02
Information technology —
Governance of IT — Application of
ISO/IEC 38500 to the governance of IT
enabled investments
Technologies de l'information — Gouvernance des technologies de
l'information — Application de l'ISO/IEC 38500 à la gouvernance des
investissements reposant sur les technologies de l’information
Reference number
©
ISO/IEC 2020
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2020 – All rights reserved

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Good governance of IT enabled investments . 2
4.1 Benefits of good governance of IT enabled investments . 2
4.2 Focus on value . 2
4.3 Accountability of the governing body . 3
5 The model for good governance of IT enabled investments . 4
5.1 The model for good governance applied to the governance of IT enabled investments. 4
5.1.1 Evaluate . 5
5.1.2 Direct . 5
5.1.3 Monitor . . 6
6 Principles for governance of IT enabled investments . 6
6.1 General . 6
6.2 Principle 1 — Responsibility . 7
6.2.1 Applying the principle . 7
6.2.2 Implications for the governing body . 7
6.2.3 Desired outcomes . . 7
6.2.4 Governance behaviours . 7
6.3 Principle 2 — Strategy . 8
6.3.1 Applying the principle . 8
6.3.2 Implications for the governing body . 8
6.3.3 Desired outcomes . . 8
6.3.4 Governance behaviours . 9
6.4 Principle 3 — Acquisition . 9
6.4.1 Applying the principle . 9
6.4.2 Implications for the governing body . 9
6.4.3 Desired outcomes . .10
6.4.4 Governance behaviours .10
6.5 Principle 4 — Performance .10
6.5.1 Applying the principle .10
6.5.2 Implications for the governing body .10
6.5.3 Desired outcomes . .11
6.5.4 Governance behaviours .11
6.6 Principle 5 — Conformance .11
6.6.1 Applying the principle .11
6.6.2 Implications for the governing body .11
6.6.3 Desired outcomes . .12
6.6.4 Governance behaviours .12
6.7 Principle 6 — Human behaviour .12
6.7.1 Applying the principle .12
6.7.2 Implications for the governing body .12
6.7.3 Desired outcomes . .13
6.7.4 Governance behaviours .13
Bibliography .14
© ISO/IEC 2020 – All rights reserved iii

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that
are members of ISO or IEC participate in the development of International Standards through
technical committees established by the respective organization to deal with particular fields of
technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other
international organizations, governmental and non-governmental, in liaison with ISO and IEC, also
take part in the work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www .iso .org/ patents) or the IEC
list of patent declarations received (see http:// patents .iec .ch).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 40, IT Service Management and IT Governance.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
iv © ISO/IEC 2020 – All rights reserved

Introduction
In today’s rapidly evolving digital age, the world is experiencing unpredictable changes through shifts
in political and economic power combined with disruptive business models, seemingly constant
technology breakthroughs and innovative approaches to conducting business.
How can governing bodies prepare their organizations to address constant and new challenges while
being ready for an increasing information and technology driven future?
Information Technology (IT) supports the core functions of all organizations, underpins the basis of
almost all business activities and interfaces with customers and other stakeholders. Investments in IT
enablement and the contribution of IT to the business capability and performance of the organization
play a significant role in the achievement of strategic plans and the delivery of business value.
Effective governance of IT enabled investments will provide governing bodies with a better
understanding of their obligations and how value is derived to support the organization’s business
opportunities and to appropriately mitigate the organisation's risk.
Risks comprise such things as the failure to deliver required capabilities, failure of the business to
achieve the required benefits, with the impact on the organization leading to e.g. business disruption,
breach of obligations, regulatory non-compliance, failures of security, loss of data, down time. Effective
governance will proactively prevent or mitigate the IT aspects of the risk of such events occurring, for
example, by addressing prolonged underinvestment.
Governance of IT, including investments in IT, is part of sound corporate governance. Governance of IT
is not IT management but should be supported by a governance framework and the organization’s IT
management system.
This document provides guidelines to members of the governing bodies to apply the principles and
model documented in ISO/IEC 38500 to IT enabled investments. Throughout this document the word
"investments" is synonymous with IT enabled investments.
© ISO/IEC 2020 – All rights reserved v

INTERNATIONAL STANDARD ISO/IEC 38506:2020(E)
Information technology — Governance of IT — Application
of ISO/IEC 38500 to the governance of IT enabled
investments
1 Scope
This document provides guidance on governance of IT enabled investments to the governing body
of all forms of organizations, whether private, public or government entities, and will equally apply
regardless of the size of the organization or its industry or sector. The terms business and business
outcome throughout this docum
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TR 20000-17:2024(Main)
Information technology — Service management — Part 17: Scenarios for the practical application of service management systems based on ISO/IEC 20000-1:2018

This document provides scenarios, explanations and examples for the practical application of service management systems (SMS) based on ISO/IEC 20000-1:2018. These scenarios provide examples of situations in which an SMS can be used and how the requirements of ISO/IEC 20000-1:2018 can be applied. This document can be used with ISO/IEC 20000-1 as well as with ISO/IEC 20000-2, ISO/IEC 20000-3, ISO/IEC TS 20000-5 and other parts of the ISO/IEC 20000 series. This document is aimed at: a) organizations that are intending to implement an SMS based on the requirements of ISO/IEC 20000-1; b) organizations that have already implemented an SMS based on the requirements of ISO/IEC 20000-1; c) consultants, trainers and other experts supporting these organizations. This document does not add to, change or replace any of the requirements in ISO/IEC 20000-1. This document is not intended to be used for a conformity assessment.

  • Technical report
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-2:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 2: Process assessment model (PAM)

This document specifies the process assessment model (PAM). It contains process definitions of the ITES-BPO lifecycle defined in ISO/IEC 30105-1 and a model suitable for assessing process capability. The outcomes in the PAM are clearly defined, observable results, aligned to the business benefits derived by the customer and service provider. A PAM consists of a set of indicators for process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to determine ratings. The set of indicators included in this document is not intended to be an all-inclusive set, nor is it intended to be applicable in its entirety. Supersets and subsets are selected according to the context and the scope of the assessment. The PAM in this document is directed at assessment sponsors and competent assessors who wish to select a model and an associated documented assessment process for the ITES-BPO lifecycle processes, for process capability gap determination.

  • Standard
    135 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-3:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 3: Measurement framework (MF) and organization maturity model (OMM)

This document specifies a measurement framework (MF) and an organization maturity model (OMM). It provides the overview of how an organization can use the process reference model (PRM) in ISO/IEC 30105-1 and the process assessment model (PAM) in ISO/IEC 30105-2 to measure their capability and maturity levels. It conforms to the requirements of ISO/IEC 33003 and ISO/IEC 33004 and supports the performance assessment by providing a framework to measure and derive capability and organization maturity levels. This document is intended to be used in concurrence with the other parts of the ISO/IEC 30105 series and the assessment approach provided by ISO/IEC 33002 for assessing processes.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-5:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 5: Guidance

This document contains the guidance on supporting maturity improvement for service providers. It specifies the provision of assessment results that are repeatable, objective and comparable within similar contexts, and can be used for either process improvement or process capability gap determination. The framework for the conduct of assessments is designed to support the achievement of dependable assessment results. This document provides guidance on the usage of the core parts of the ISO/IEC 30105 series: ISO/IEC 30105-1, ISO/IEC 30105-2 and ISO/IEC 30105-3. This document also introduces the extended parts of the ISO/IEC 30105 series: ISO/IEC TS 30105-6, ISO/IEC TR 30105-7, ISO/IEC 30105-8 and ISO/IEC TS 30105-9.

  • Standard
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 30105-1:2024(Main)
Information technology — IT Enabled Services-Business Process Outsourcing (ITES-BPO) lifecycle processes — Part 1: Process reference model (PRM)

The ISO/IEC 30105 series specifies the lifecycle process requirements performed by the IT enabled business process outsourcing service provider for the outsourced business processes. It defines the processes to plan, establish, implement, operate, monitor, review, maintain and improve its services. This document specifies the process reference model (PRM). It contains process definitions across the lifecycle described in terms of process context, purpose and outcomes, together with a framework defining relationships between the processes. The process purpose details the high-level objective of performing the process such that implementation of the process leads to tangible benefits for stakeholders. The process outcomes are clearly defined by observable results and aligned to the business benefits derived by the customer and service provider. This document: — covers IT enabled business processes that are outsourced; — is not intended to address IT processes, but includes references to them at key touchpoints for completeness; — is applicable to the service provider, not to the customer; — is applicable to all lifecycle processes of ITES-BPO; — serves as a PRM for organizations providing ITES-BPO services.

  • Standard
    29 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-15:2024(Main)
Information technology — Service management — Part 15: Guidance on the application of Agile and DevOps principles in a service management system

This document provides guidance on the relationship between ISO/IEC 20000–1:2018 and two commonly used frameworks, Agile and DevOps. It can be used by any organization or person wishing to understand how Agile and DevOps can be used with ISO/IEC 20000–1, including: a) an organization that has demonstrated or intends to demonstrate conformity to the requirements specified in ISO/IEC 20000–1 and is seeking guidance on the use of Agile or DevOps to establish or improve the SMS and the services; b) an organization that already uses Agile or DevOps and is seeking guidance on how Agile or DevOps can be used to support efforts to demonstrate conformity to the requirements specified in ISO/IEC 20000–1; c) an assessor or auditor who wishes to understand the use of Agile or DevOps as a support for achieving the requirements specified in ISO/IEC 20000–1. Both approaches can be used independently or together. Depending on the context, an organization can deploy Agile frameworks only, DevOps frameworks only, use both Agile and DevOps frameworks in isolation, or use an integrated workflow with combined Agile and DevOps approaches. In any of these situations, this document can be used as guidance for the integration of Agile and DevOps practices in an SMS. The guidance in this document can assist an organization in planning and preparing for a conformity assessment against ISO/IEC 20000-1, noting that an organization can only claim conformity by fulfilling all requirements specified in ISO/IEC 20000-1.

  • Technical specification
    34 pages
    English language
    sale 15% off
ISO
ISO/IEC 38500:2024(Main)
Information technology — Governance of IT for the organization

This document provides guiding principles for members of governing bodies of organizations and those that support them on the effective, efficient and acceptable use of information technology (IT) within their organizations. This document is applicable to: — the governance of the organization’s current, and future, use of IT; — the governance of IT as a domain of governance of organizations. In terms of audience, this document is applicable to: — all organizations, including public and private companies, government entities, and not-for-profit organizations; — organizations of all sizes, from the smallest to the largest, regardless of the extent of their use of IT.

  • Standard
    21 pages
    English language
    sale 15% off
ISO
ISO/IEC 20000-1:2018/Amd 1:2024(Amendment)
Information technology — Service management — Part 1: Service management system requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO/IEC TS 38508:2024(Main)
Information technology — Governance of IT — Governance implications of the use of a shared digital service platform among ecosystem organizations

This document provides guidance for members of governing bodies of organizations on the effective, efficient and acceptable use of a shared digital service platform among ecosystem organizations by: — establishing a vocabulary for the governance of a shared digital service platform among ecosystem organizations; — providing a framework for understanding the implications of the use of a shared digital service platform among ecosystem organizations; — guiding governing bodies to evaluate, direct and monitor the introduction and use of a digital service platform, applying the governance principles of ISO/IEC 38500; — assuring stakeholders that, if the guidance proposed by this document is followed, they can have confidence in the organization’s use of shared digital service platform among ecosystem organizations. This document also provides guidance to those advising, informing or assisting governing bodies, including: — executive managers; — members of groups monitoring the resources within the organization; — external businesses or technical specialists, such as legal or accounting specialists, retail or industrial associations, or professional bodies; — public authorities and policy makers; — internal and external service providers (including consultants); — auditors.

  • Technical specification
    16 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 20000-14:2023(Main)
Information technology — Service management — Part 14: Guidance on the application of Service Integration and Management to ISO/IEC 20000-1

This document provides guidance for organizations that are establishing or improving a service management system (SMS) by incorporating a service integrator. The incorporation of a service integrator is aimed at addressing an environment that includes services sourced from multiple service providers. This document specifically focuses on Service Integration and Management (SIAM) in the context of an SMS. The intended users of this document include: — organizations that need to manage multiple service providers within a new or existing SMS according to SIAM; and — consultants and advisors that support an organization during SMS implementation or improvement, where a SIAM approach is being adopted. NOTE 1 This document is applicable for organizations implementing SIAM in conjunction with SMS. It does not limit organizations or individuals from implementing any other management and governance model for managing multivendor environments along with SMS. This document is not applicable to organizations that have only one service provider. NOTE 2 In SIAM, the term "supplier" is not used. Internal and external suppliers are both referred to as “service providers”. See 4.2 for further comparison of terminology.

  • Technical specification
    30 pages
    English language
    sale 15% off