ISO standard for corporate governance in IT
The International Organization for Standardization (ISO) has developed a new standard: ISO/IEC 38500 Corporate Governance in Information Technology. It contains guidelines for the corporate governance of IT (the values and principles of management, and the effective monitoring of undesirable developments). IT systems can adversely affect performance and competitiveness in organisations, and some systems are not even legal. To address this, according to François Coallier, Chairperson of ISO committee SC7 Software and Systems Engineering, organisations can use the new standard to "evaluate, guide, and monitor IT use", in order to achieve efficient and acceptable IT use.
The ISO standard can be used by organisations of any size, whether companies, government offices, or non-profit organisations. It contains six principles of corporate governance that are relevant to decisions in corresponding management processes: responsibility, strategy, acquisition, performance, conformity, and human behaviour. The goal of the standard is to offer a basis with which to evaluate corporate governance, to inform leaders about how they can regulate the use of IT in their organisations, and ultimately build trust in corporate governance.
(Christiane Schulzki-Haddouti)
(trk)














