Information technology — Governance of IT for the organization (Adopted ISO/IEC 38500:2024, third edition, 2024-02)
Scope / Description
This document establishes a comprehensive framework for the governance of information and technology within organizations. It outlines the core responsibilities of governing bodies, focusing on the strategic alignment, resource optimization, and performance monitoring of IT investments. The standard defines six fundamental principles to guide effective decision-making and ensures that IT initiatives support organizational goals while managing associated risks. It emphasizes the need for transparency, accountability, and clear separation of responsibilities between governance and management functions. By adopting this framework, organizations can create a structured approach to evaluate the value of their IT capabilities and ensure compliance with legal and regulatory requirements. The guidance provided supports the development of policies and procedures that foster innovation and efficiency. This document serves as a reference for boards of directors, executives, and IT leaders seeking to enhance their governance practices. It aligns with international best practices and provides a systematic method for assessing the maturity of IT governance structures across various sectors.