IT Governance Standards: ISO 9001, 27002, and 38500
In the years following World War II, the United States emerged as the worldwide economic and political leader. Due to this dominance, many in the United States all but ignored the commercial best practice standards developed and used elsewhere in our globally connected economy. These international best practice standards are collaborative efforts that take into account a wide range of national needs and requirements. The source of many of these standards is the International Organization for Standardization (ISO; www.iso.org), a body based in Geneva, Switzerland, that has issued well-recognized standards covering a wide range of areas from specifications for fastener screw threads in an automobile engine to the thickness of a personal credit card to IT quality standards. These standards have been expanded over the years to cover many areas that are important for enterprise governance and quality.
Senior executives should have an understanding of the role of any ISO standards that are appropriate in their enterprise as well as the standards that are important for effective IT governance. This chapter will review three of these standards that are important for effective IT governance practices. After a background discussion of how these ISO standards are developed and why they are important, we will first look at the international standard called ISO 9001. While not focused on IT governance issues specifically, the ...