IT governance model according to ISO 38500.
By Global Trust Association
02 August, 2019 | 17:08hrs
The ISO 38500 standard focuses on promoting the effective, efficient and acceptable use of IT, assuring organizations that following its principles will help their managers weigh the risks and foster the opportunities arising from the use of IT. To this end, it provides a principles-based management framework as well as an IT governance model to support the organization in understanding and complying with its legal, regulatory and ethical obligations concerning the use of IT. The IT governance model based on ISO 38500 defines 3 main areas for ensuring good IT governance:
- EVALUATE. It consists of evaluating the current and future use of IT. For this purpose, the political, technological, economic, social and legal circumstances, among others, must be considered, whether they arise from internal or external factors affecting the organization, together with everything that directly influences the organization's behavior or its use of IT. In this regard, evaluations must be carried out continuously so that the organization's objectives continue to be met as circumstances change.
- DIRECT. It consists of assigning roles and responsibilities for preparing and implementing the strategies that set the direction of IT investments, as well as the policies that ensure the use of IT meets business objectives. This also implies compliance with senior management guidelines and with the principles of good governance established by the standard, and the promotion of timely communication and a culture based on good governance of IT use.
- MONITOR. It consists of observing and monitoring compliance with policies and performance against strategies using appropriate measurement systems. In doing so, it must ensure that IT complies with internal obligations (policies and guidelines) and external obligations (legal and regulatory).