Knowing about ISO 38500, an international standard for the corporate governance of information technology.

Despite the fact that technology is a tool currently used by almost every company, incorporating information technology (IT) as an active component of the organization’s strategy is still a major challenge. As defined by the OECD, governance is the system whereby organizations are run and controlled. According to ISO/IEC 38500, corporate governance refers to the system running and controlling the current and future use of IT. In addition to foregoing, corporate governance of IT should consider the strategies and policies for using IT in the organization.

In this regard, ISO/IEC 38500 is the international standard for good practices in Corporate Governance of Information Technology (IT), which is aimed at supporting the organization at the highest level, through a governance framework that ensures understanding and compliance with its legal, regulatory and ethical obligations for the use of IT in the organization. It, therefore, provides a structure of principles and a reasonable model to ensure such purpose.

• Principle 1: Responsibility. Establishing clearly responsibilities so that these may be understood by the IT area.
• Principle 2: Strategy. Planning IT based on the organization’s business strategies to meet current and future business needs.
• Principle 3: Acquisition. Any acquisition of IT is made by prior analysis and validations.
• Principle 4: Performance. Ensuring that IT performs satisfactorily to meet business needs.
• Principle 5: Ensuring that IT complies with previously established legal regulations, rules and formal policies.
• Principle 6: Human behavior. Ensuring that the use of IT respects the human factors, current and future needs of any person involved in the process.