ISO/IEC 38500 was developed under the fast-track procedures of ISO/IEC JTC1, and is based on the Australian Standard AS8015:2005.
The original Australian Standard was developed by Standards Australia Technical Committee IT-030. The project commenced during 2002, and development of the core standard was finalised late in 2004. AS8015 was officially launched on 31 January 2005.
Adoption of AS8015 as an International Standard was the responsibility of an international study group constituted under JTC1 subcommittee SC7 (Software and System Engineering).
Recognising that Corporate Governance of IT is relevant to a much wider range of disciplines than just Software and Systems Engineering, JTC1 has established a further International Study Group to recommend how ongoing management and development of standards relating to governance of IT should be organised. As a result, JTC1 created a separate Working Group, WG6, which reports directly to JTC1, and continues the work of developing guidance on governance and management of IT.
ISO/IEC 38500 is a short document, written using plain language. It is designed to be read, understood and used by business leaders including members of the top governing body (the board of directors or equivalent).
The standard recognises that every organisation is unique, and does not attempt to prescribe detailed processes for corporate governance of IT. To do so would probably result in cumbersome overheads that would reduce, rather than enhance performance. The standard clearly says that every organisation needs to design its own arrangements for Corporate Governance of IT, paying heed to the broader characteristics of the organisation.
Good corporate governance is as much about behaviour as it is about process, and ISO/IEC 38500 provides clear advice about behaviour, through six key principles for good governance of IT.
ISO/IEC 38500 provides the essential key to helping organisations ensure that they do have effective direction and control of their IT, because it provides the context in which to understand that Corporate Governance of IT has to address both demand for, and supply of IT.