ISO/IEC 38500, the international IT governance standard, was published in June 2008 and built on the work done by the Australian Standards Institutes, who published AS 8015 in 2005.
ISO/IEC 38500 sets out a very straightforward framework for the board's governance of Information and Communications Technology.
ISO/IEC 38500 is based on the following 6 principles:
- Responsibility
- Strategy
- Acquisition
- Performance
- Conformance
- Human Behaviour
Directors have three critical activities in respect of IT: Direct, Evaluate and Monitor. Effective IT governance should result in performance and conformance.
The Evaluate, Direct, Monitor model was designed to place the focus of IT governance at board level and is slightly different to the Plan-Do-Check-Act model that managers typically execute.
Directors need to get engaged in driving IT governance to ensure that IT delivers business success. Driving it from the bottom up will not address the persistent failure of IT to deliver the benefits that the investments are intended to achieve.
ISO/IEC 38500 is guidance for best practice; however, it does not define the specifics of exactly what needs to be done or how.
- Xiang.Zhou's blog