ISO/IEC 38500:2008 信息技术的法人管理
标准编号:ISO/IEC 38500:2008
中文名称:信息技术的法人管理
英文名称:Corporate governance of information technology
发布日期:2008-06
标准范围
ISO/IEC 38500:2008为组织董事(包括所有者、董事会成员、董事、合作伙伴、高级管理人员或类似人员)提供了在其组织内有效、高效和可接受地使用信息技术(IT)的指导原则。ISO/IEC 38500:2008适用于与组织使用的信息和通信服务相关的管理流程(和决策)的治理。这些过程可以由组织内的IT专家或外部服务提供商控制,也可以由组织内的业务部门控制。它还为那些为董事提供建议、通知或协助的人提供指导。它们包括:高级管理人员;监控组织内资源的小组成员;外部业务或技术专家,如法律或会计专家、零售协会或专业团体;硬件、软件、通信和其他IT产品的供应商;内部和外部服务提供商(包括顾问);IT审计员。
ISO/IEC 38500:2008 provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.ISO/IEC 38500:2008 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization.It also provides guidance to those advising, informing, or assisting directors.They include:
- senior managers;
- members of groups monitoring the resources within the organization;
- external business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies;
- vendors of hardware, software, communications and other IT products;
- internal and external service providers (including consultants);
- IT auditors.
标准预览图
