BS ISO IEC 38500-2015 pdf free download – Information technology — Governance of IT for the organization.
3? Benefits? of? Good? Governance? of? IT
Good governance of IT assists governing bodies to ensure that the use of IT contributes positively to the performance of the organization, through:
— innovation in services, markets, and business;
— alignment of IT with business needs;
— appropriate implementation and operation of IT assets;
— clarity of responsibility and accountability for both the supply of and demand for IT in achieving the goals of the organization;
— business continuity and sustainability;
— efficient allocation of resources;
— good practice in relationships with stakeholders; and
— actual realisation of the expected benefits from each IT investment.
This International Standard establishes principles for the effective, efficient and acceptable use ofIT.Governing bodies, by ensuring that their organizations follow these principles,will be assisted inmanaging risks and encouraging the exploitation of opportunities arising from the use of IT.
Good governance of lT also assists governing bodies in assuring conformance with obligations(regulatory, legislation, contractual) concerning the acceptable use of IT.
This International Standard establishes a model for the governance of IT.The risk of governing bodiesnot fulfilling their obligations is mitigated by giving due attention to the model in appropriately applyingthe principles.
Inadequate IT’ systems and improper or inappropriate use of IT can expose an organization to the risk ofnot complying with legislation.For example, in some jurisdictions, members of governing bodies couldbe held personally accountable if an inadequate accounting system results in tax not being paid.
Processes dealing with ITincorporate specific risks that should be addressed appropriately.For examplegoverning bodies and members of governing bodies can be held accountable for:
breaches of privacy, spam, health and safety, record keeping legislation and regulations;-non-compliance with standards relating to security, social responsibility;
– matters relating to intellectual property rights including licensing agreements.
Governing bodies using the guidance in this standard are more likely to meet their obligations.
4Principles and Model for Good Governance of IT
4.1Principles
This clause sets out six principles for good governance of IT.The principles express preferred behaviourto guide decision making.The statement of each principle refers to what should happen, but does notprescribe how, when or by whom the principles would be implemented – as these aspects are dependenton the nature of the organization implementing the principles.Governing bodies should require thatthese principles are applied.
Principle 1: Responsibility
Individuals and groups within the organization understand and accept their responsibilities in respectof both supply of, and demand for IT.Those with responsibility for actions also have the authority toperform those actions.
Principle 2: Strategy
The organization’s business strategy takes into account the current and future capabilities of IT; theplans for the use of lT satisfy the current and on-going needs of the organization’s business strategy.Principle 3: Acquisition
IT acquisitions are made for valid reasons, on the basis of appropriate and on-going analysis, with clearand transparent decision making.T’here is appropriate balance between benefits, opportunities, costs,and risks, in both the short term and the long term.
Principle 4: Performance
IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Principle 5: Conformance
The use of IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.BS ISO IEC 38500 pdf download