TECHNICAL ISO/IEC TS SPECIFICATION 38501 Firstedition 2015-04-01 Information technology Governance ofIT - Implementation guide Technologies de I'information -Gouvernance des technologies de I'information-Guided'implémentation Reference number ISO/IECTS38501:2015(E) IEC Intemational Organization for Standardization @IS0/IEC2015 Not for F ted without license from IHS IS0/IECTS38501:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2015 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Case postale 56.CH-1211 Geneva 20 Tel. +4122 749 0111 Fax +41 22 749 09 47 E-mail [email protected] Web www.iso.org Published in Switzerland PrganizationforStandardization Uecense-Zhejiang nstiute of tandar@aJSS./JEC 2015 - All rights reserved networking permited without license from IHS NotforResale, 2015/6/2908:35:43 IS0/IECTS38501:2015(E) Contents Page Foreword ..iv Introduction. ..V 1 Scope. 1.1 Overview .1 1.2 Purpose... 1.3 Audience. .1 2 Normativereferences .1 3 Implementationapproach ..1 4 Establishand sustainenablingenvironment .2 4.1 Overview ..2 4.2 Ensure internal stakeholderengagement 2 4.3 Clarify sponsorship and responsibilities. .3 5 Govern IT .3 5.1 Overview 3 5.2 Evaluate. 4 5.2.1 Overview 4 5.2.2 Understand internal environment. .4 5.2.3 Understandexternal environment .4 5.2.4 Identify current stateof theuseofIT 5 5.3 Direct. .5 5.3.1 Overview .5 5.3.2 Definedesired state fortheuse ofIT .5 5.3.3 Initiate change program 6 5.3.4 Identify governance enabling mechanisms .6 5.4 Monitor .7 5.4.1 Overview .7 5.4.2 Defineevidenceof success .8 5.4.3 Establishmonitoring system .8 6 Continual Review .8 AnnexA(informative)AssessmentScheme ..10 AnnexB (informative)Is0/IEc38500principlesand assessmentcriteria ..12 Bibliography ..15 iii ithout license from IHS